On 02/18/2016 08:22 PM, Tom Lane wrote:
Now, I have heard it argued that the OpenSSH/L authors are a bunch of idiots who know nothing about security. But it's not like insisting on restrictive permissions on key files is something we invented out of the blue. It's pretty standard practice, AFAICT.regards, tom lane
I think Tom has the right compromise. It must be 0600 for us, and 0640 or less for root. That opens up the ability for other systems to have what it needs (although I am unsure of how Windows handles this) and allows us to keep a modicum of self respect in terms of what we allow.
Sincerely, JD -- Command Prompt, Inc. http://the.postgres.company/ +1-503-667-4564 PostgreSQL Centered full stack support, consulting and development. Everyone appreciates your honesty, until you are honest with them. -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
