Re: BUG #4340: SECURITY: Is SSL Doing Anything? - Mailing list pgsql-bugs

From Gregory Stark
Subject Re: BUG #4340: SECURITY: Is SSL Doing Anything?
Date
Msg-id 87tzdh5ow9.fsf@oxford.xeocode.com
In response to Re: BUG #4340: SECURITY: Is SSL Doing Anything?  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: BUG #4340: SECURITY: Is SSL Doing Anything?
List pgsql-bugs
"Tom Lane" <tgl@sss.pgh.pa.us> writes:

> Actually, I had missed that the OP was looking at 7.3 rather than 8.3.
> There was a "verify_peer()" in 7.3 but it was #ifdef'd out.  The
> question remains whether there's a reason to have it.  It would be good
> if the discussion were based on a non-obsolete PG version ...

Well, in theory SSL without at least one-way authentication is actually
worthless. It's susceptible to man-in-the-middle attacks, meaning someone can
sniff all the contents or even inject into or take over connections. It is
proof against passive attacks, but active attacks are known in the field, so
that's cold comfort these days.

--
  Gregory Stark
  EnterpriseDB          http://www.enterprisedb.com
  Get trained by Bruce Momjian - ask me about EnterpriseDB's PostgreSQL training!
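
Added example, not part of the original message or of PostgreSQL's code: a Python check that parses libpq keyword/value connection strings and reports whether the effective sslmode only resists passive sniffing or also authenticates the server, which is the distinction drawn in the message above. The sslmode values are those documented for current libpq; the function names, host names and paths are constructed for illustration.

```python
import re

# libpq sslmode -> (traffic always encrypted, server identity verified).
SSLMODES = {
    "disable":     (False, False),
    "allow":       (False, False),  # TLS only if the server demands it
    "prefer":      (False, False),  # libpq default; may fall back to plaintext
    "require":     (True,  False),  # encrypted, server not necessarily verified
    "verify-ca":   (True,  True),   # certificate must chain to a trusted CA
    "verify-full": (True,  True),   # trusted CA and matching host name
}

# keyword = value, where value is bare or single-quoted with backslash escapes
_PAIR = re.compile(r"\s*(\w+)\s*=\s*(?:'((?:\\.|[^'\\])*)'|((?:\\.|[^\s\\])*))")

def parse_conninfo(conninfo):
    """Parse a libpq keyword/value connection string into a dict."""
    conninfo, params, pos = conninfo.strip(), {}, 0
    while pos < len(conninfo):
        m = _PAIR.match(conninfo, pos)
        if m is None:
            raise ValueError("malformed conninfo near offset %d" % pos)
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1)] = re.sub(r"\\(.)", r"\1", raw)  # drop escapes
        pos = m.end()
    return params

def assess(conninfo, env_sslmode=None):
    """Return (effective sslmode, finding); env_sslmode stands in for PGSSLMODE."""
    mode = parse_conninfo(conninfo).get("sslmode") or env_sslmode or "prefer"
    if mode not in SSLMODES:
        raise ValueError("unknown sslmode: %r" % mode)
    encrypted, authenticated = SSLMODES[mode]
    if authenticated:
        return mode, "server authenticated: resists active MITM"
    if encrypted:
        return mode, "passive-only: an active MITM can impersonate the server"
    return mode, "no guarantee: connection may be plaintext"

# Constructed sample connection strings (hosts and paths are placeholders).
SAMPLES = [
    "host=db.example.internal dbname=app user=app",
    "host=db.example.internal dbname=app sslmode=require",
    "host=db.example.internal sslmode = 'verify-full' sslrootcert='/etc/ssl/my ca.pem'",
]

if __name__ == "__main__":
    for dsn in SAMPLES:
        print("%-12s %s" % assess(dsn))
```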
