#30370: Add support for postgresql client certificates and key to dbshell.
-------------------------------------+-------------------------------------
               Reporter:  Oleh Mykytyuk
                  Owner:  Oleh Mykytyuk
                   Type:  Cleanup/optimization
                 Status:  closed
              Component:  Database layer (models, ORM)
                Version:  master
               Severity:  Normal
             Resolution:  fixed
               Keywords:  dbshell postgresql certificate
           Triage Stage:  Ready for checkin
              Has patch:  1
    Needs documentation:  0
            Needs tests:  0
Patch needs improvement:  0
          Easy pickings:  0
                  UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Robert Kisteleki):

 I'd like to ask for reconsideration of the severity of this from
 "optimization" to "security" or such.

 As it stands, users connecting to a Postgres server with the CLI (psql),
 if configured properly, will connect verifiably using TLS, giving the
 impression that the setup is correct and the connection is secured. However,
 this is a false impression, as even if the configuration is perfect and Django
 settings are such that these options are specified, the actual working
 *code* will not use a secure channel.

 As a consequence, passwords, keys, PII and the like will travel in clear
 text between the application and the database.

 Ultimately, I'd like this patch to be added to the 2.2 LTS release too.

 Thanks!

-- 
Ticket URL: <https://code.djangoproject.com/ticket/30370#comment:9>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
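
Added example, not part of the ticket or of Django's code: one way to carry the TLS options of a DATABASES entry into the environment of a psql subprocess through libpq's PGSSL* variables, plus a check that the entry really yields an authenticated channel. The function names and the sample entry are assumptions made for illustration.

```python
import os

# libpq environment variables that psql reads for its TLS settings.
SSL_OPTION_TO_ENV = {"sslmode": "PGSSLMODE", "sslrootcert": "PGSSLROOTCERT",
                     "sslcert": "PGSSLCERT", "sslkey": "PGSSLKEY"}
# Only these sslmode values make libpq verify the server certificate.
VERIFYING_MODES = {"verify-ca", "verify-full"}

# Constructed sample DATABASES entry; host and file paths are placeholders.
SAMPLE = {
    "ENGINE": "django.db.backends.postgresql",
    "NAME": "appdb",
    "HOST": "db.example.internal",
    "OPTIONS": {
        "sslmode": "verify-full",
        "sslrootcert": "/etc/ssl/pg/root.crt",
        "sslcert": "/etc/ssl/pg/client.crt",
        "sslkey": "/etc/ssl/pg/client.key",
    },
}


def psql_ssl_env(settings_dict, base_env=None):
    """Hypothetical helper: environment for psql with the TLS options applied."""
    env = dict(os.environ if base_env is None else base_env)
    options = settings_dict.get("OPTIONS", {})
    for option, variable in SSL_OPTION_TO_ENV.items():
        if options.get(option):
            env[variable] = str(options[option])
    return env


def audit_ssl_options(settings_dict):
    """Hypothetical helper: reasons the entry gives no authenticated TLS channel."""
    options = settings_dict.get("OPTIONS", {})
    findings = []
    mode = options.get("sslmode")
    if mode is None:
        findings.append("sslmode unset: libpq default 'prefer' can fall back to plaintext")
    elif mode not in VERIFYING_MODES:
        findings.append(f"sslmode={mode!r} does not verify the server certificate")
    elif not options.get("sslrootcert"):
        findings.append("sslrootcert unset: libpq looks for ~/.postgresql/root.crt")
    if bool(options.get("sslcert")) != bool(options.get("sslkey")):
        findings.append("only one of sslcert/sslkey set: the other uses libpq's default path")
    return findings
```

The returned environment can be passed as env= to subprocess.run when launching psql, which keeps key paths off the command line.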
