Re: PostgreSQL with SSL
| От | Tom Lane |
|---|---|
| Тема | Re: PostgreSQL with SSL |
| Дата | |
| Msg-id | 24692.1271367015@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: PostgreSQL with SSL (Jose Berardo <joseberardo@gmail.com>) |
| Ответы |
Re: PostgreSQL with SSL
|
| Список | pgsql-admin |
Jose Berardo <joseberardo@gmail.com> writes:
>>> - Is it possible to store the server.key in a ciphered file with
>> No.
> I believe that it may be a good idea, it may bring another security level,
Not really.
> Just saving the private key file inside the cluster with no privilegies for
> other users (the server suggests 0600 mask for it) is still sufficient to
> protected the key?
If someone can access that file, they can also attach to the running
server process and pull the decrypted key out of it. In any case,
providing the server with the key to decrypt the ssl key is not going
to be convenient in operation. You're not going to want to store that
key on disk are you? Do you want somebody around to manually provide
it every time the server restarts? That gets old pretty fast, when
all it's buying you is a largely-imaginary security gain.
regards, tom lane
В списке pgsql-admin по дате отправления: