| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, "pgsql-bugs(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org>, Martin Pitt <mpitt(at)debian(dot)org> |
| Subject: | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
| Date: | 2009-04-20 14:32:24 |
| Message-ID: | 49EC8778.8080900@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> Patch also changes the default from "prefer" to "disable", per discussion.
>
> I confess to not having paid attention to this thread for awhile.
> I have to violently object to this conclusion --- it is throwing the
> baby out with the bathwater. Under the pretense of being "secure by
> default" it will in fact make things *less* secure. A minimum
> requirement in my view is that existing configurations should continue
> to work and be no less secure than before. Having a connection that
> was encrypted in 8.3 silently become clear-text after installing 8.4
> is just plain NOT acceptable.
>
> I think the patch would be fine if we simply keep the default where
> it is, however. Is there some point I am missing that compels
> selection of a less-secure default?
The current default *makes no sense*. Ever. Not just as a default.
However, I can see us having "allow" instead of "disable" as the
default. That is the most forgiving of all settings - it will work with
whatever you had configured before.
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-04-20 14:54:21 | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
| Previous Message | Tom Lane | 2009-04-20 14:26:58 | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |