Re: vulnerability/SSL - Mailing list pgsql-general

From dong changyu
Subject Re: vulnerability/SSL
Msg-id 20050608170010.92064.qmail@web52503.mail.yahoo.com
In response to vulnerability/SSL  (dong changyu <dcy1_1999@yahoo.com>)
Responses Re: vulnerability/SSL  (Marco Colombo <pgsql@esiway.net>)
List pgsql-general
Hi,
A possible countermeasure on Windows platform, inspired by Magnus. Thanks ;)
First we remove the passphrase from the key file, making it plain.
Windows provides a feature, "encrypted file system", which provides transparent encryption/decryption. We can log on using the account we run Postgres with and encrypt the plaintext key file. Then we log on using another non-admin account, and start postgres using the "runas" service. Therefore the file is encrypted; only the Postgres account and the recovery agent (built-in administrator by default) can read/modify it. The file will remain encrypted when restored from backup.
I've tested it on my computer and it works.

cheers,
Changyu

--- dong changyu <dcy1_1999@yahoo.com> wrote:

> Hi,
> I'm using postgreSQL with SSL these days. The version I'm using is 8.0.3. I found that it's impossible to use an encrypted key file.
> When you use a protected server.key file, you will be prompted to input your passphrase EVERYTIME IT'S USED, not only when you start the server but also when a client makes a connection. So you have to leave the key file un-protected. I think it's a serious vulnerability since the security relies on the secrecy of the private key. Without encryption, the only thing we can use to protect the private key is the access control mechanism provided by the OS.
> Any comments on this issue?
>
> cheers,
> Changyu
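The countermeasure Changyu describes above (strip the passphrase, EFS-encrypt the key as the PostgreSQL account, restrict who else can read it), written out as a PowerShell script. This is an added example, not code from the mailing-list thread or from the PostgreSQL project. It assumes OpenSSL is on the PATH, that the key lives at the assumed path C:\pgdata\server.key, that the service account is the hypothetical name postgres_svc, and that the script runs while logged on as that service account (EFS binds the file key to the logged-on user's EFS certificate, which is why the post has you encrypt as the Postgres account).

```powershell
# Added example, not from the original post. Assumptions: OpenSSL on PATH,
# key at $KeyPath (assumed), service account $SvcAccount (hypothetical name),
# and this is run while logged on as $SvcAccount so the EFS certificate is its own.

$KeyPath    = 'C:\pgdata\server.key'   # assumed location of the server key
$SvcAccount = 'postgres_svc'           # hypothetical account that runs PostgreSQL

# Step 1: strip the passphrase so the server can load the key without prompting.
# openssl asks for the current passphrase once; the plaintext copy replaces the original.
$Plain = "$KeyPath.plain"
& openssl rsa -in $KeyPath -out $Plain
if ($LASTEXITCODE -ne 0) { throw "openssl could not decrypt $KeyPath" }
Move-Item -Force -Path $Plain -Destination $KeyPath

# Check: a passphrase-protected PEM carries an ENCRYPTED marker in its header.
if (Select-String -Path $KeyPath -Pattern 'ENCRYPTED' -Quiet) {
    throw "$KeyPath still appears to be passphrase-protected"
}

# Step 2: NTFS ACL so that, besides EFS, only the service account and Administrators
# can reach the file at all (drop inherited ACEs, then grant explicitly).
& icacls $KeyPath /inheritance:r /grant:r "${SvcAccount}:(R)" 'BUILTIN\Administrators:(F)'
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $KeyPath" }

# Step 3: EFS-encrypt the file. Equivalent to 'cipher /e' or the Explorer checkbox;
# the file key is wrapped for the current user and for any configured recovery agent.
[System.IO.File]::Encrypt($KeyPath)

# Verify: the Encrypted attribute must be set; 'cipher /c' lists who can decrypt.
$attrs = (Get-Item $KeyPath).Attributes
if (-not ($attrs -band [System.IO.FileAttributes]::Encrypted)) {
    throw "EFS encryption did not take effect on $KeyPath"
}
& cipher /c $KeyPath

# Step 4 (run from a different, non-admin logon, as in the post): start the server
# under the service account so it, and only it, can read the key.
#   runas /user:postgres_svc "pg_ctl -D C:\pgdata start"
```

Two operational points worth knowing before relying on this: back up the service account's EFS certificate and private key (`cipher /x` exports them), because if an administrator resets that account's password rather than the account changing it, the EFS private key is no longer recoverable through the account and the file can be opened only by the recovery agent. Also, EFS changes nothing for code already running as the service account; what it adds over the plain ACL is protection for copies at rest, which is the backup case Changyu points out.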