Home > mailing lists

Re: Spoofing as the postmaster - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: Spoofing as the postmaster
Date	December 23, 2007 12:03:20
Msg-id	200712231303.lBND31223521@momjian.us Whole thread Raw
In response to	Re: Spoofing as the postmaster (Peter Eisentraut <peter_e@gmx.net>)
List	pgsql-hackers

Tree view

Peter Eisentraut wrote:
> Bruce Momjian wrote:
> > Bruce Momjian wrote:
> > > I think at a minimum we need to add documentation that states if you
> > > don't trust the local users on the postmaster server you should:
> > >
> > >     o  create unix domain socket files in a non-world-writable
> > >        directory
> > >     o  require SSL server certificates for TCP connections
> >
> > I have written documentation for this item:
> >
> >     http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
> >
> > Comments?
> 
> What you actually need on the client side is ~/.postgresql/root.crt, not 
> ~/.postgresql/postgresql.crt as you wrote.

Thanks, updated:
http://momjian.us/tmp/pgsql/preventing-server-spoofing.html

(I mentioned the file name specificly so people like me wouldn't get
confused.)  :-)

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://postgres.enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +

pgsql-hackers by date:

From: Magnus Hagander
Date: 23 December 2007, 11:20:10
Subject: Re: Spoofing as the postmaster

From: Bruce Momjian
Date: 23 December 2007, 12:17:00
Subject: Re: Spoofing as the postmaster

Re: Spoofing as the postmaster - Mailing list pgsql-hackers

Previous

Next