Tom Lane <t...@sss.pgh.pa.us> writes: > This looks to me like re-fighting the last war. Such a GUC has zero value > *unless* some situation exactly like the POODLE bug comes up again, and > the odds of that are not high.
Many people would have said the exact same thing before POODLE, and BEAST, and CRIME, and Heartbleed. You never know what sort of bugs or weaknesses will show up or when; all you know is that there are a lot of people working very hard to find these things and exploit them, and that they *will* succeeded, again and again and again. You can gamble that PostgreSQL will not be vulnerable due to specific details of its protocol or how it uses TLS, but that's a gamble which you will eventually lose. > Moreover, the GUC could easily be misused to decrease rather than increase > one's security, if it's carelessly set. That's the user's responsibility. DES -- Dag-Erling Smørgrav - d...@des.no -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers