Hello,
I am trying to harden my application against man-in-the-middle attacks.
The application, written in PHP, communicates with the PostgreSQL server
using the usual pg_* functions built on the libpq library. I have the
proper postgresql.key and postgresql.crt files installed on the Web server
(PostgreSQL client) and the server.key, server.crt and root.crt files
installed on the PostgreSQL server. My understanding is that when PHP
issues a pg_connect() function, libpq supplies the client certificate to
the PostgreSQL server and the PostgreSQL server checks the signature on
the certificate against the signature of the trusted CA in root.crt. If
they match, it's go time!
My concern is that an attacker could impersonate the PostgreSQL server,
intercept the initial pg_connect() request, submit it's own certificate to
the client and steal the log in credentials. Is this possible and, if so,
is there a way for PHP, through libpq, to check the certificate supplied
by the server to determine that it is submitted by a trusted CA?
I have submitted the same question to the PHP-DB mailing list, but a
respondent said that this would be handled by PostgreSQL not PHP. Of
course, since I'm writing my code in PHP, I'm hoping to be able to handle
this in the PHP code.
Thanks for any guidance.
Sincerely,
Angus Atkins-Trimnell