Re: Relaxing SSL key permission checks

On 02/18/2016 08:22 PM, Tom Lane wrote:

> Now, I have heard it argued that the OpenSSH/L authors are a bunch of
> idiots who know nothing about security.  But it's not like insisting
> on restrictive permissions on key files is something we invented out
> of the blue.  It's pretty standard practice, AFAICT.
>
>             regards, tom lane

I think Tom has the right compromise. It must be 0600 for us, and 0640 
or less for root. That opens up the ability for other systems to have 
what it needs (although I am unsure of how Windows handles this) and 
allows us to keep a modicum of self respect in terms of what we allow.

Sincerely,

JD


-- 
Command Prompt, Inc.                  http://the.postgres.company/                        +1-503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Everyone appreciates your honesty, until you are honest with them.