Re: BUG #3809: SSL "unsafe" private key permissions bug - Mailing list pgsql-bugs

From Tom Lane
Subject Re: BUG #3809: SSL "unsafe" private key permissions bug
Date
Msg-id 28918.1197158254@sss.pgh.pa.us
In response to Re: BUG #3809: SSL "unsafe" private key permissions bug  (Alvaro Herrera <alvherre@alvh.no-ip.org>)
Responses Re: BUG #3809: SSL "unsafe" private key permissions bug
List pgsql-bugs
Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> Gregory Stark wrote:
>> Storing your keys on a usb stick (which usually use fat filesystems)
>> isn't really such a crazy idea either.

> Storing a server SSL key on a USB stick is not crazy?  I don't follow.
> What use case do you have for that?

It's worth pointing out also that we require server.key to be directly
in the $PGDATA directory, which means that any filesystem limitations on
its permissions info are going to apply to the $PGDATA directory itself.

Curiously enough, the access-permission checks on both $PGDATA and
$PGDATA/server.key are diked out in WIN32 builds, but I consider that
a bug we should fix, not a feature to be extended.

            regards, tom lane
