Re: Spoofing as the postmaster
| От | Magnus Hagander |
|---|---|
| Тема | Re: Spoofing as the postmaster |
| Дата | |
| Msg-id | 47763531.4070502@hagander.net обсуждение исходный текст |
| Ответ на | Re: Spoofing as the postmaster (Martijn van Oosterhout <kleptog@svana.org>) |
| Ответы |
Re: Spoofing as the postmaster
|
| Список | pgsql-hackers |
Martijn van Oosterhout wrote: > On Sat, Dec 29, 2007 at 12:40:24PM +0100, Magnus Hagander wrote: >> We already *do* allow the DBA to choose this, no? If you put the root >> certificate on the client, it *will* verify the server cert, and it >> *will* refuse to connect to a server that can't present a trusted root cert. > > I think Tom's point is that we don't allow this for connections over a > Unix Domain socket. And thus we should remove the asymmetry so the > verification can work for them also. If that's where we still are, then I'm all for that provided it doesn't add a whole lot of complexity, as I think I said before. I thought we were now talking general SSL connections. That could be where I lost the thread :-) > Personally I quite liked the idea of having a serveruser=foo which is > checked by getting the peer credentials. Very low cost, quick setup > solution. It would still only tell you the user and not the postmaster ;-) But yes, it does help in the unix domain case (but not TCP-over-localhost). Either that, or a function that returns the peer credentials if available - like we have for SSL today. Then the client could do some more advanced checking if necessary - like allowing multiple different accounts if wanted. //Magnus
В списке pgsql-hackers по дате отправления: