Bruce Momjian wrote:
> Brendan Jurd wrote:
>> On Dec 23, 2007 1:25 PM, Bruce Momjian <[EMAIL PROTECTED]> wrote:
>>> I have written documentation for this item:
>>>
>>> http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
>>>
>>> Comments?
>> I thought the content made sense, but the location didn't. I wouldn't
>> expect to find instructions on configuring Postgres for secure
>> operation under a section about how to shut the server down.
>>
>> I realise that in order for the exploit to occur, the server must be
>> shut down (or not yet started), but unless a user already knows about
>> the way the exploit works, how will they know to look for info about
>> it here?
>>
>> IMO by putting this guidance under "Shutting Down" you're going to
>> hurt the chances of anyone stumbling across it. I doubt you'd get
>> many users reading "Shutting Down" at all because in most cases, it's
>> an easy or obvious thing to do (initscripts provided by package and
>> pg_ctl are self-explanatory).
>
> Agreed. I moved it up to its own section:
>
> http://momjian.us/tmp/pgsql/preventing-server-spoofing.html
>
> I improved the wording slightly too.
>
The server doesn't need a root.crt certificate really - but it does need the *server* certificate (server.key/server.crt). root.crt is only used to verify *client* certificates, which is a different thing from what you're outlining here.

Out of curiosity, do any of the other databases out there "solve" this somehow? Or any non-databases too, really. To me this seems like a general problem for *any* kind of server process - at least any that runs with a port >1024 on Unix (and any at all on win32, since they don't check the port number there).

//Magnus

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
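The two defences this thread circles around are a client that actually verifies the server's certificate (so a process that grabbed the port while the real postmaster was down cannot complete the handshake) and a Unix-socket directory that no other local user can write into. The script below is an added example, not code from the thread or from PostgreSQL; it checks both. The conninfo parser is a simplified stand-in for libpq's own (an assumption: it does not handle quoted values with spaces), `sslmode=verify-full` and `sslrootcert` are the modern libpq parameters for server-certificate verification, and the demo directory is constructed with `tempfile` rather than being a real socket directory.

```python
"""Added example (not from the thread or from PostgreSQL): two checks a DBA
can run against the local-spoofing defences discussed above. The conninfo
parser is a simplified stand-in for libpq's (assumption); the demo directory
is constructed with tempfile."""
import os
import stat
import tempfile


def parse_conninfo(conninfo: str) -> dict:
    """Parse a libpq-style 'key=value key=value' string into a dict.
    Simplified: values containing spaces or escaped quotes are not handled."""
    params = {}
    for token in conninfo.split():
        if "=" not in token:
            raise ValueError(f"malformed conninfo parameter: {token!r}")
        key, value = token.split("=", 1)
        params[key.strip()] = value.strip().strip("'")
    return params


def client_verifies_server(conninfo: str) -> bool:
    """True only when the client will refuse an impostor: sslmode=verify-full
    makes libpq check the server certificate against the CA in sslrootcert
    and match the hostname. With 'require' or weaker, a process listening on
    the real server's port can still complete the handshake and collect the
    password the client sends."""
    p = parse_conninfo(conninfo)
    if p.get("sslmode") != "verify-full":
        return False
    # libpq would fall back to ~/.postgresql/root.crt if sslrootcert is
    # omitted; this check insists on an explicit path so it is self-contained.
    return bool(p.get("sslrootcert"))


def socket_dir_is_private(path: str, owner_uid: int) -> bool:
    """True if the Unix-socket directory is owned by the server's uid and is
    not writable by group or others. Otherwise another local user could create
    their own socket file there while the real postmaster is stopped."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != owner_uid:
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def demo_socket_dir() -> tuple:
    """Constructed demo: the same directory checked at mode 0700, then 0777."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o700)
        private = socket_dir_is_private(d, os.getuid())
        os.chmod(d, 0o777)
        world_writable = socket_dir_is_private(d, os.getuid())
    return private, world_writable


if __name__ == "__main__":
    print(client_verifies_server("host=db sslmode=require user=app"))
    print(client_verifies_server(
        "host=db sslmode=verify-full sslrootcert=/etc/ssl/pg-root.crt user=app"))
    print(demo_socket_dir())
```

Running it prints `False`, `True` and `(True, False)`: only the `verify-full` connection string defeats a spoofed listener, and only the 0700 directory keeps other local users from planting a socket. The `/etc/ssl/pg-root.crt` path is illustrative; the point is that the client, not the server, needs the CA certificate to tell a genuine postmaster from an impostor.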