Re: controlling the location of server-side SSL files
From | Tom Lane |
---|---|
Subject | Re: controlling the location of server-side SSL files |
Date | |
Msg-id | 5162.1330543230@sss.pgh.pa.us |
In response to | Re: controlling the location of server-side SSL files (Peter Eisentraut <peter_e@gmx.net>) |
Responses | Re: controlling the location of server-side SSL files |
List | pgsql-hackers |
Peter Eisentraut <peter_e@gmx.net> writes:
> On ons, 2012-02-08 at 09:16 +0100, Magnus Hagander wrote:
>> Yes, ignoring a missing file in a security context is definitely not good.
>> It should throw an error.
>>
>> We have a few bad defaults from the old days around SSL for this, but if it
>> requires breaking backwards compatibility to get it right, I think we
>> should still do it.

> Btw., should we also consider making similar changes on the libpq side?

I think that breaking compatibility of libpq's behavior is a whole lot
harder sell than changing things in a way that only affects what people
have to put into postgresql.conf. We've always treated the latter as
something that can change across major versions.

In particular, I observe that we get pushback anytime we break something
in a way that makes SSL config files be required on the client side;
see bug #6302 for most recent example.

regards, tom lane