Re: SSL over Unix-domain sockets

Peter Eisentraut wrote:
> I found an old patch on my disk to enable SSL over Unix-domain sockets.
> 
> Remember, about a year ago it was discussed that there might also be 
> man-in-the-middle or fake-server attacks using Unix-domain sockets, 
> because usually anyone can start a server in /tmp.  After an extensive 
> discussion (mainly about moving the socket out of /tmp by default; 
> please don't start that again), it was determined that using SSL server 
> verification would be the proper solution and it fact works without 
> problems.  Except that the start-up overhead was increased significantly 
> (because of the initial key exchange and session key setup etc.).
> 
> Back then we didn't really have a good solution, but I figured since 8.4 
> rearranges the SSL connection parameters anyway, we could stick that in 
> there.
> 
> I imagine for example, we could invent an additional sslmode of the sort 
> prefer-but-not-if-local-socket, which could be the default.
> 
> The other question is whether sslverify=cn makes sense, but that may be 
> up to the user to find out.

I thought the logical solution to this was to place the socket in a
secure directory and not bother with SSL at all.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +