Bruce Momjian <bruce(at)momjian(dot)us> writes: > We changed Postgres 9.6 to allow open group permissions on the > _server_'s SSL key if it was owned by root: > Allow the server's <acronym>SSL</> key file to have group read > access if it is owned by <literal>root</> (Christoph Berg) > Is this something we should change on the client? I don't see why not, > but the 'root' requirement would still remain.
I'm pretty suspicious of doing this on the client side. It doesn't seem as useful, and it would open up a bunch of issues concerning e.g. what cert authentication actually is authenticating.