"Tom Lane" <[EMAIL PROTECTED]> writes: > Actually, I had missed that the OP was looking at 7.3 rather than 8.3. > There was a "verify_peer()" in 7.3 but it was #ifdef'd out. The > question remains whether there's a reason to have it. It would be good > if the discussion were based on a non-obsolete PG version ...
Well in theory SSL without at least one-way authentication is actually worthless. It's susceptible to man-in-the-middle attacks meaning someone can sniff all the contents or even inject into or take over connections. It is proof against passive attacks but active attacks are known in the field so that's cold comfort these days. -- Gregory Stark EnterpriseDB http://www.enterprisedb.com Get trained by Bruce Momjian - ask me about EnterpriseDB's PostgreSQL training! -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
