Re: [HACKERS] Spoofing as the postmaster

2007-12-24 Thread Bruce Momjian
Bruce Momjian wrote: > Tom Lane wrote: > > 2. Improve our documentation about how to set up mutual authentication > > under SSL (it's a bit scattered now). > > > > 3. Recommend using mutual auth even for local connections, if a server > > containing sensitive data is to be run on a machine that al

Re: [HACKERS] Spoofing as the postmaster

2007-12-24 Thread Bruce Momjian
Tom Lane wrote: > 2. Improve our documentation about how to set up mutual authentication > under SSL (it's a bit scattered now). > > 3. Recommend using mutual auth even for local connections, if a server > containing sensitive data is to be run on a machine that also hosts > untrusted users. > >

Re: [HACKERS] Spoofing as the postmaster

2007-12-24 Thread Mark Mielke
Bruce Momjian wrote: Mark Mielke wrote: I agree - I forgot there were different flavours. I think any of these are just as good as SSL with public key authentication, and perhaps a lot cheaper in terms of performance. The only piece of information missing is the uid to compare against, wh

Re: [HACKERS] Spoofing as the postmaster

2007-12-24 Thread Bruce Momjian
Mark Mielke wrote: > Gregory Stark wrote: > > "Mark Mielke" <[EMAIL PROTECTED]> writes: > > > >> UNIX socket kernel credential passing was mentioned in an earlier post, > >> but I > >> didn't see it raised again. > >> > > > > I mentioned getsockopt(SO_PEERCRED) which isn't the same as cre

Re: [HACKERS] Spoofing as the postmaster

2007-12-24 Thread Bruce Momjian
Tomasz Ostrowski wrote: > > Fundamentally these are man-in-the-middle attacks, and the only real > > solution is mutual authentication. > > The problem is not many people expect man-in-the-middle attack on > secure lan, localhost or local socket connection, so they'll not try > to prevent it. Agr

Re: [HACKERS] Spoofing as the postmaster

2007-12-24 Thread Bruce Momjian
Mike Rylander wrote: > On Dec 22, 2007 1:04 PM, Tom Lane <[EMAIL PROTECTED]> wrote: > > Peter Eisentraut <[EMAIL PROTECTED]> writes: > > > Wouldn't SSL work over Unix-domain sockets as well? The API only deals > > > with > > > file descriptors. > > > > Hmm ... we've always thought of SSL as being

Re: [HACKERS] Spoofing as the postmaster

2007-12-24 Thread Mark Mielke
Gregory Stark wrote: "Mark Mielke" <[EMAIL PROTECTED]> writes: UNIX socket kernel credential passing was mentioned in an earlier post, but I didn't see it raised again. I mentioned getsockopt(SO_PEERCRED) which isn't the same as credential passing. It just tells you what uid is on the