1) No roots (but still works for some unknown reason)
2) Explicitly configured corporate roots
3) Explicitly configured corporate roots, AND global roots
4) Global roots (but still works for some unknown reason)

Keep in mind that at least Debian distributes a ca-certificates package,
and I can't imagine they're alone.

My guess is you'll find both options 1 and 2 fairly often, and 3 and 4
very seldom.

(Note that if you configure libpq for no roots, it will accept any
certificate without verifying the chain)

So, if you do nothing special, it's #1? Sounds like the path of least
resistance is no security. Uh oh.

That's one of the things, yeah, agreed. I meant the internals part only
as an argument for why you'll see most pg deployments not using global
certs.

OTOH, if your firewall lets your clients (or even worse - your webserver
or so) connect out to arbitrary machines on the PostgreSQL port, it can
easily be argued that you have a lot of homework to do elsewhere as well
;-) But that's just a mitigating factor, and not a solution.

It's hard enough to manage inbound firewall rules. Outbound?
Fuggetaboutit :)
--Dan
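
Added example, not part of the thread or of PostgreSQL's own code: a small audit that classifies client connection strings by how much server-certificate verification they get, to find the "no roots, accepts anything" case discussed above. It assumes the sslmode and sslrootcert parameters and the default root file location of current libpq releases, which the thread does not name; the sample strings and the root_exists hook are constructed for the example.

```python
import os
import shlex

def parse_conninfo(conninfo):
    """Parse a libpq keyword=value string (simplified: no spaces around '=')."""
    return dict(tok.split("=", 1) for tok in shlex.split(conninfo))

def verification_posture(conninfo, root_exists=os.path.exists):
    """Return (level, reason) for how the server certificate gets checked.

    root_exists is a hook added for this example so tests can run offline.
    The PostgreSQL 16+ value sslrootcert=system is not modelled.
    """
    params = parse_conninfo(conninfo)
    mode = params.get("sslmode", "prefer")  # libpq's default sslmode
    root = os.path.expanduser(params.get("sslrootcert", "~/.postgresql/root.crt"))
    if mode in ("disable", "allow", "prefer"):
        return "none", f"sslmode={mode} never verifies the certificate"
    if mode == "require":
        # Backward-compatibility rule: a root file that exists is used.
        if root_exists(root):
            return "chain", f"sslmode=require, chain checked against {root}"
        return "none", "sslmode=require without a root file accepts any certificate"
    if mode == "verify-ca":
        return "chain", f"chain checked against {root}, host name not checked"
    if mode == "verify-full":
        return "chain+host", f"chain and host name checked against {root}"
    return "invalid", f"unknown sslmode {mode!r}"

def audit(conninfos, root_exists=os.path.exists):
    """Return the entries that fall short of chain plus host-name verification."""
    findings = []
    for conninfo in conninfos:
        level, reason = verification_posture(conninfo, root_exists)
        if level != "chain+host":
            findings.append((conninfo, level, reason))
    return findings

# Constructed sample connection strings, not taken from the thread.
SAMPLE = [
    "host=db.example.internal dbname=app",
    "host=db.example.internal dbname=app sslmode=require",
    "host=db.example.internal dbname=app sslmode=require sslrootcert='/etc/ssl/corp root.crt'",
    "host=db.example.internal dbname=app sslmode=verify-full sslrootcert=/etc/ssl/corp-root.crt",
]

if __name__ == "__main__":
    for conninfo, level, reason in audit(SAMPLE, lambda p: p.startswith("/etc/ssl/")):
        print(f"[{level}] {reason}\n    {conninfo}")
```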