| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Bear Giles <bgiles(at)coyotesong(dot)com> |
| Cc: | pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: SSL (patch 3) |
| Date: | 2002-05-27 20:26:12 |
| Message-ID: | Pine.LNX.4.44.0205272206420.2460-100000@localhost.localdomain |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Bear Giles writes:
> Third patch - adds client verification of server certificate.
> This has some POSIX-isms that need to be expanded for Windows
> and Mac clients, and identifies (but does not fix) a problem
> on the backend that could be used for "denial of service"
> attacks on the current backend.
What happens if I don't want to use this feature and/or I don't have the
certificates set up? Why are errors from getpwuid() thrown away, isn't
that a risk?
POSIX-isms in SSL code are OK. I don't think WIN32 handles SSL yet.
Please use MAXPGPATH to size buffers for file names.
What exactly is the "problem" you identify? I couldn't make it out.
--
Peter Eisentraut peter_e(at)gmx(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2002-05-27 20:26:47 | Re: SSL (patch 4) |
| Previous Message | Peter Eisentraut | 2002-05-27 20:25:44 | Re: SSL (patch 2) |