Home > mailing lists

Re: Spoofing as the postmaster - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Spoofing as the postmaster
Date	December 22, 2007 17:05:22
Msg-id	25142.1198346687@sss.pgh.pa.us Whole thread Raw
In response to	Re: Spoofing as the postmaster (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: Spoofing as the postmaster ("Mike Rylander" <mrylander@gmail.com>)
List	pgsql-hackers

Tree view

Peter Eisentraut <peter_e@gmx.net> writes:
> Wouldn't SSL work over Unix-domain sockets as well?  The API only deals with 
> file descriptors.

Hmm ... we've always thought of SSL as being primarily comm security
and thus useless on a Unix socket, but the mutual authentication aspect
could come in handy as an answer for this type of threat.  Anyone want
to try this and see if it really works or not?

Does OpenSSL have a mode where it only does mutual auth and not
encryption?  The encryption would be wasted cycles in this scenario,
so being able to turn it off would be nice.
        regards, tom lane

pgsql-hackers by date:

From: Magnus Hagander
Date: 22 December 2007, 15:14:33
Subject: Re: Spoofing as the postmaster

From: "Mike Rylander"
Date: 22 December 2007, 17:51:50
Subject: Re: Spoofing as the postmaster

Re: Spoofing as the postmaster - Mailing list pgsql-hackers

Previous

Next