Andrew Dunstan wrote: > > > Peter Eisentraut wrote: >> Bruce Momjian wrote: >> >>> The fundamental problem is that because we don't require root, any >>> user's >>> postmaster or pretend postmaster is as legitimate as anyone else's. SSL >>> certificates add legitimacy checks for TCP, but not for unix domain >>> sockets. >>> >> >> Wouldn't SSL work over Unix-domain sockets as well? The API only >> deals with file descriptors. >> >> > > But we don't check the SSL cert's credentials in the client, AFAIK. That > means that postmaster spoofer could just as easily spoof SSL. > Communications between the client and the endpoint will be protected, > but there is no protection from a man in the middle attack, which is > what this is.
We do if you put the CA cert on the client. //Magnus ---------------------------(end of broadcast)--------------------------- TIP 7: You can help support the PostgreSQL project by donating at http://www.postgresql.org/about/donate