Atkins-Trimnell, Angus Black wrote:
> Hello,
>
> I am trying to harden my application against man-in-the-middle attacks.
> The application, written in PHP, communicates with the PostgreSQL server
> using the usual pg_* functions built on the libpq library. I have the
> proper postgresql.key and postgresql.crt files installed on the Web server
> (PostgreSQL client) and the server.key, server.crt and root.crt files
> installed on the PostgreSQL server. My understanding is that when PHP
> issues a pg_connect() function, libpq supplies the client certificate to
> the PostgreSQL server and the PostgreSQL server checks the signature on
> the certificate against the signature of the trusted CA in root.crt. If
> they match, it's go time!
>
> My concern is that an attacker could impersonate the PostgreSQL server,
> intercept the initial pg_connect() request, submit it's own certificate to
> the client and steal the log in credentials. Is this possible and, if so,
> is there a way for PHP, through libpq, to check the certificate supplied
> by the server to determine that it is submitted by a trusted CA?
>
> I have submitted the same question to the PHP-DB mailing list, but a
> respondent said that this would be handled by PostgreSQL not PHP. Of
> course, since I'm writing my code in PHP, I'm hoping to be able to handle
> this in the PHP code.
I think you need to read the Postgres 8.3 docs on the subject:
http://www.postgresql.org/docs/8.3/static/ssl-tcp.html
http://www.postgresql.org/docs/8.3/static/libpq-ssl.html
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +