Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Gregory Stark <stark(at)enterprisedb(dot)com>, Marko Kreen <markokr(at)gmail(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-25 06:16:10
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Bruce Momjian wrote:
> Tom Lane wrote:
> > 2. Improve our documentation about how to set up mutual authentication
> > under SSL (it's a bit scattered now).
> > 
> > 3. Recommend using mutual auth even for local connections, if a server
> > containing sensitive data is to be run on a machine that also hosts
> > untrusted users.
> > 
> > As somebody noted, it's probably even better policy to not have any
> > sensitive data on a machine that hosts untrusted users, and it wouldn't
> > hurt for the docs to point that out; but we should have a documented
> > solution available if you have to do it.
> I have added the section about preventing server spoofing and updated the SSL
> documentation to be more logical and clearer about certificates.
> The major updated sections are:
> I have to say I didn't understand the certificate stuff before, but I
> think it should be clearer now to anyone who reads it.

I have just added two documentation tables outlining SSL file usage for
client and server.

  Bruce Momjian  <bruce(at)momjian(dot)us>

  + If your life is a hard drive, Christ can be your backup. +

In response to

pgsql-hackers by date

Next:From: Andreas 'ads' ScherbaumDate: 2007-12-25 10:33:03
Subject: Binary data type with other output method
Previous:From: Bruce MomjianDate: 2007-12-25 04:03:45
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group