Hi Tom! Tom Lane [2005-10-16 0:41 -0400]: > Martin Pitt <[EMAIL PROTECTED]> writes: > > At least the certificate could be permitted to be owned/in group root. > > I cannot see how this should weaken the certificate's security. > > Postgres doesn't run as root, hence could not use such a certificate > unless it was world-readable.
Please see my original mail. If you use ACLs, postgres can very well be able to read the certificate. The point was that a key's security is not weakened if it is owned by root instead of "postgres" - to the contrary. So I don't see the point of the check that actively prohibits a key being owned by root. Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developer http://www.debian.org
signature.asc
Description: Digital signature
