Re: Spoofing as the postmaster

Peter Eisentraut wrote:
> Bruce Momjian wrote:
>   
>> The fundamental problem is that because we don't require root, any user's
>> postmaster or pretend postmaster is as legitimate as anyone else's.  SSL
>> certificates add legitimacy checks for TCP, but not for unix domain
>> sockets.
>>     
>
> Wouldn't SSL work over Unix-domain sockets as well?  The API only deals with 
> file descriptors.
>
>   

But we don't check the SSL cert's credentials in the client, AFAIK. That 
means that postmaster spoofer could just as easily spoof SSL. 
Communications between the client and the endpoint will be protected, 
but there is no protection from a man in the middle attack, which is 
what this is.

cheers

andrew