Re: Spoofing as the postmaster
| От | Bruce Momjian |
|---|---|
| Тема | Re: Spoofing as the postmaster |
| Дата | |
| Msg-id | 200712290235.lBT2ZjN21922@momjian.us обсуждение исходный текст |
| Ответ на | Re: Spoofing as the postmaster (Magnus Hagander <magnus@hagander.net>) |
| Ответы |
Re: Spoofing as the postmaster
|
| Список | pgsql-hackers |
Magnus Hagander wrote: > We could make it so that we *require* the root certificate to be present > on the client and make the check, and simply refuse to connect without > it. But my guess is that it'll just increase the bar for SSL adoption at > all, whilst most people will find some insecure way to get the root key > over there anyway. Unless we want to start shipping our own batch of > trusted roots, and only support paid-for certificates or something... Agreed. Requiring client root certificate checking is heavy-handed. At most we could emit a server log message when a client has no certificate. Of course I am not sure anyone knows how to get that information from SSL. We could do it in the clients we ship but a malicious client will just remove the check. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://postgres.enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
В списке pgsql-hackers по дате отправления: