On Fri, Mar 24, 2023 at 5:47 PM Jacob Champion <jchamp...@timescale.com> wrote: > Okay, but this is walking back from the network example you just > described upthread. Do you still consider that in scope, or...?
Sorry, I don't know which example you mean. > > If machines B and C aren't under our control such that we can > > configure them that way, then the configuration is fundamentally > > insecure in a way that we can't really fix. > > Here's probably our biggest point of contention. You're unlikely to > convince me that this is the DBA's fault. > > If machines B and C aren't under our control, then our *protocol* is > fundamentally insecure in a way that we have the ability to fix, in a > way that's already been characterized in security literature. I guess I wouldn't have a problem blaming the DBA here, but you seem to be telling me that the security literature has settled on another kind of approach, and I'm not in a position to dispute that. It still feels weird to me, though. -- Robert Haas EDB: http://www.enterprisedb.com