#30370: Add support for postgresql client certificates and key to dbshell.
-------------------------------------+-------------------------------------
     Reporter:  Oleh Mykytyuk        |                    Owner:  Oleh Mykytyuk
         Type:  Cleanup/optimization |                   Status:  closed
    Component:  Database layer       |                  Version:  master
                (models, ORM)        |
     Severity:  Normal               |               Resolution:  fixed
     Keywords:  dbshell postgresql   |             Triage Stage:  Ready for checkin
                certificate          |
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Oleh Mykytyuk):

 Replying to [comment:9 Robert Kisteleki]:
 > I'd like to ask for reconsideration of the severity of this from
 > "optimization" to "security" or such.
 >
 > As it stands, users connecting to a Postgres server with the CLI (psql),
 > if configured properly, will connect verifiably using TLS, giving the
 > impression that the setup is correct and the connection is secured.
 > However, this is a false impression as even if the configuration is
 > perfect, Django settings are such that these options are specified, the
 > actual working *code* will not use a secure channel.
 >
 > As a consequence, passwords, keys, PII and the like will travel in clear
 > text between the application and the database.
 >
 > Ultimately, I'd like this patch to be added to the 2.2 LTS release too.
 >
 > Thanks!

 I can't change from optimization to security.
 Available options for the severity are "normal", "release blocker".
 Available options for type are: uncategorized/new
 feature/bug/cleanup/optimization.

 Can I ask you to advise me on what I have to change?

--
Ticket URL: <https://code.djangoproject.com/ticket/30370#comment:10>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.