| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Cc: | Dan Kaminsky <dan(at)doxpara(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Gregory Stark <stark(at)enterprisedb(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us> |
| Subject: | Re: BUG #4340: SECURITY: Is SSL Doing Anything? |
| Date: | 2008-08-20 11:39:28 |
| Message-ID: | 200808201439.30240.peter_e@gmx.net |
| Lists: | pgsql-bugs |

Dan Kaminsky wrote:

> >> 1) No roots (but still works for some unknown reason)
> >> 2) Explicitly configured corporate roots
> >> 3) Explicitly configured corporate roots, AND global roots
> >> 4) Global roots (but still works for some unknown reason)
>
> So, if you do nothing special, it's #1? Sounds like the path of least
> resistance is no security. Uh oh.

Yeah, in the average, if not common case, a user interested in SSL use would
probably just follow the recipe in the documentation for creating and
installing a self-signed certificate with no certificate checking in the
client. Which, as you correctly observe, is pretty much completely useless.
Someone should probably redesign, reconfigure, and redocument this.