Then they may as well not have bothered with generating a key in the
first place since an attacker can generate one of his own just as
easily...
Actually that's not entirely true. A non-authenticated connection
still protects against passive attacks like sniffers. But active
attacks are known in the wild.
greg
On 21 Oct 2008, at 09:04 AM, Peter Eisentraut <[EMAIL PROTECTED]> wrote:
Magnus Hagander wrote:
Robert Haas wrote:
How can you make that the default? Won't it immediately break
every
installation without certificates?
*all* SSL installations have certificate on the server side. You
cannot
run without it.
s/without certificates/with self-signed certificates/
which I would guess to be a common configuration
Self-signed still work. In a self-signed scenario, the server
certificate *is* the CA certificate.
But the user needs to copy the CA to the client, which most people
probably don't do nowadays.
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
