On Wed, Apr 16, 2014 at 6:49 PM, Albe Laurenz <laurenz.a...@wien.gv.at> wrote:
> Dev Kumkar wrote:
> >> Unless somebody changes the setting to ssl=on, there should be no
> >> problem.
> >
> > Thanks, also please help me to understand: is changing this
> > postgresql.conf setting enough to be vulnerable here?
>
> Just changing the setting will only cause your database server to error
> out on restart - you also need to create certificates and put them into
> the server directory.
>
> So whoever does this change must know what they are doing (to some extent).
>
> Once SSL has been enabled, a cunning attacker may be able to steal
> the server's private key (if I understood the vulnerability correctly)
> and then launch man-in-the-middle attacks, i.e. impersonate the server,
> to eavesdrop on encrypted communication.
>
> The remedy would be to create a new key pair for the server.
>
> Yours,
> Laurenz Albe

Thanks, this really helps. Currently we are not creating certificates and are working in non-SSL mode.

Regards...
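The two practical points in the quoted reply (that ssl=on only takes effect once a key and certificate exist in the data directory, and that the remedy for a leaked key is to generate a new key pair) are illustrated by the following shell script. It is an added example written for this page, not code from the thread or from the PostgreSQL project. It assumes openssl is installed, that the cluster uses the default file names server.key and server.crt in the data directory (PGDATA), and the hostname db.example.internal is a placeholder. The functions rotate_pg_server_key, check_pg_server_key and pg_ssl_on are names chosen here, not PostgreSQL tools.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Assumes openssl is on
# PATH and the server uses the default ssl_key_file / ssl_cert_file names.
set -eu

# Replace the server's key pair: move the old (possibly stolen) key and
# certificate aside, then generate a fresh key and self-signed certificate.
#   $1 = PGDATA, $2 = certificate CN (hypothetical default hostname)
rotate_pg_server_key() {
    pgdata="$1"
    cn="${2:-db.example.internal}"
    stamp=$(date +%Y%m%d%H%M%S)

    for f in server.key server.crt; do
        [ -f "$pgdata/$f" ] && mv "$pgdata/$f" "$pgdata/$f.revoked.$stamp"
    done

    # umask 077 so the private key is never, even briefly, readable by
    # group or world. PostgreSQL refuses to start when server.key is
    # group- or world-accessible (newer releases also accept root-owned 0640).
    (
        umask 077
        openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$cn" \
            -keyout "$pgdata/server.key" -out "$pgdata/server.crt" \
            >/dev/null 2>&1
    )
    chmod 0600 "$pgdata/server.key"
    chmod 0644 "$pgdata/server.crt"
}

# Verify a data directory: returns 0 when server.key is mode 0600 and the
# certificate carries the public half of that key (i.e. they form a pair).
check_pg_server_key() {
    pgdata="$1"
    mode=$(stat -c %a "$pgdata/server.key" 2>/dev/null \
           || stat -f %Lp "$pgdata/server.key")
    if [ "$mode" != "600" ]; then
        echo "server.key mode is $mode, want 600" >&2
        return 1
    fi
    k=$(openssl pkey -in "$pgdata/server.key" -pubout 2>/dev/null | openssl dgst -sha256)
    c=$(openssl x509 -in "$pgdata/server.crt" -pubkey -noout 2>/dev/null | openssl dgst -sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Returns 0 when postgresql.conf ($1) has an uncommented "ssl = on".
# Mirrors the server's rule that the last occurrence of a setting wins and
# that everything after '#' is a comment.
pg_ssl_on() {
    awk 'BEGIN { r = 1 }
         /^[[:space:]]*ssl[[:space:]]*=/ {
             v = $0; sub(/#.*/, "", v); sub(/^[^=]*=/, "", v)
             gsub(/[[:space:]\047"]/, "", v)
             r = (tolower(v) == "on" || v == "true" || v == "1" || v == "yes") ? 0 : 1
         }
         END { exit r }' "$1"
}

# Typical use after a key compromise (PGDATA is an assumed path):
#   rotate_pg_server_key /var/lib/postgresql/data db.example.internal
#   check_pg_server_key  /var/lib/postgresql/data && pg_ctl restart
```

Rotating the key only helps if the server is restarted (or reloaded, on releases that reload SSL files) so it stops serving the old key, and if the old certificate is no longer trusted by clients, which for a self-signed certificate means distributing the new server.crt to them.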