Home > mailing lists

Re: sslmode=require fallback - Mailing list pgsql-hackers

From	Jeff Janes
Subject	Re: sslmode=require fallback
Date	August 19, 2016 19:22:38
Msg-id	CAMkU=1yAoA6rjprhWtuHj5+SvFAF8z70cPfFDZYu7dbNUJ53EQ@mail.gmail.com Whole thread Raw
In response to	Re: sslmode=require fallback (Bruce Momjian <bruce@momjian.us>)
Responses	Re: sslmode=require fallback (Bruce Momjian <bruce@momjian.us>)
List	pgsql-hackers

Tree view

On Sat, Jul 30, 2016 at 11:18 AM, Bruce Momjian <bruce@momjian.us> wrote:

On Fri, Jul 29, 2016 at 11:27:06AM -0400, Peter Eisentraut wrote:
> On 7/29/16 11:13 AM, Bruce Momjian wrote:
> > Yes, I am thinking of a case where Postgres is down but a malevolent
> > user starts a Postgres server on 5432 to gather passwords. Verifying
> > against an SSL certificate would avoid this problem, so there is some
> > value in using SSL on localhost. (There is no such security available
> > for Unix-domain socket connections.)
>
> Sure, there is the requirepeer connection option for that.

Oh, nice, I had not seen that.

Hi Bruce,

There is typo in the doc patch you just committed

"On way to prevent spoofing of"

s/On/One/

Cheers,

Jeff

pgsql-hackers by date:

From: Petr Jelinek
Date: 19 August 2016, 19:06:39
Subject: Re: Logical decoding restart problems

From: Konstantin Knizhnik
Date: 19 August 2016, 19:36:24
Subject: Re: Logical decoding restart problems

Re: sslmode=require fallback - Mailing list pgsql-hackers

Previous

Next