2012/10/5 Iustin Pop <[email protected]>: > On Fri, Oct 05, 2012 at 06:31:05PM +0200, Michael Hanselmann wrote: >> I think you are too paranoid. If someone has access to this >> information (by getting the contents of “server.pem”), that someone >> can also read the contents of the whitelist file, which is the same on >> all nodes, or the configuration, which has the file storage paths as >> well. > > I agree that this is bordering on extreme, but I don't understand your > argument: just because I can read local server.pem, it doesn't > necessarily follow that I can read remote filepaths.
You can not read the remote paths, but since the file is required to be equal on all nodes (or else cluster-verify complains every time), you may as well read the local version. Michael
