Re: PKI/SSL Client/Server Certificate Authentication - Mailing list pgsql-admin

From Tom Lane
Subject Re: PKI/SSL Client/Server Certificate Authentication
Date
Msg-id 25602.1137168524@sss.pgh.pa.us
Whole thread Raw
In response to PKI/SSL Client/Server Certificate Authentication  ("Brian A. Seklecki" <lavalamp@spiritual-machines.org>)
Responses Re: PKI/SSL Client/Server Certificate Authentication
List pgsql-admin
"Brian A. Seklecki" <lavalamp@spiritual-machines.org> writes:
> If a "bad person" were to somehow obtain a copy of the source code with a
> password embedded in the connect string (Steal it from a developer who
> uses Windows, or maybe convince Apache to not interpret PHP before sending
> to the client, something stupid like that), they would still be unable to
> connect without a client certificate.

So they steal the client certificate file instead of (the file
containing) the password.  How exactly is this more secure?

            regards, tom lane

pgsql-admin by date:

Previous
From: Tom Lane
Date:
Subject: Re: [GENERAL] Problem with restoring database from 7.3.1 to 8.0.1
Next
From: "Brian A. Seklecki"
Date:
Subject: Re: PKI/SSL Client/Server Certificate Authentication