Re: [BUGS] BUG #14543: libpq fails with group readable ssl keys

Bruce Momjian <bruce@momjian.us> writes:
> We changed Postgres 9.6 to allow open group permissions on the
> _server_'s SSL key if it was owned by root:
>     Allow the server's <acronym>SSL</> key file to have group read
>     access if it is owned by <literal>root</> (Christoph Berg)
> Is this something we should change on the client?  I don't see why not,
> but the 'root' requirement would still remain.

I'm pretty suspicious of doing this on the client side.  It doesn't seem
as useful, and it would open up a bunch of issues concerning e.g. what
cert authentication actually is authenticating.

            regards, tom lane


-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs