Re: vulnerability/SSL

From Changyu Dong
Subject Re: vulnerability/SSL
Date
Msg-id 20050609095936.12309.qmail@web52507.mail.yahoo.com
In reply to Re: vulnerability/SSL  (Marco Colombo <pgsql@esiway.net>)
Responses Re: vulnerability/SSL  (Marco Colombo <pgsql@esiway.net>)
List pgsql-general
Hi Marco,
The problem I described in the first mail is that
because of some unknown reasons, if you save the
server.key file with a passphrase, you will be
prompted to enter the passphrase every time you start
the server AND a client makes a connection, which
actually forbids us to use a passphrase to protect the
key file, therefore the key file has to be saved in
plaintext without encryption.

EFS is a feature provided by Windows which will
encrypt any selected file using a symmetric algorithm;
the symmetric key will be encrypted by the user's public
key and the recovery agent's public key, and the
encrypted key will be saved within the file header.
Thus only the user and recovery agent can decrypt it.
And for another user, he cannot even open it (but can
delete it). So we can ensure no one can read and
modify it. Decryption is transparent to users and
applications. The operating system will do it
automatically if it can find the appropriate private key.

The difference between this and
-r--------  1 postgres postgres    50 Jan 15 21:15
is that the file is encrypted using EFS, while the
latter remains plaintext.

When you back up the file, it remains encrypted. If you
restore the file to a file system which doesn't
support EFS (non-NTFS), it will be corrupted; otherwise it will
remain encrypted.

cheers,
Changyu

--- Marco Colombo <pgsql@esiway.net> wrote:

>
> You mean that every process that runs as "postgres" has the ability to
> read the file _without typing any password_? Or when you start
> PostgreSQL it prompts for one? Can "administrator" read it _without
> knowing password_?
>
> I may be missing something, but what's the difference with a file like
> this:
>
> -r--------  1 postgres postgres    50 Jan 15 21:15 akey
>
> in any Unix system? Only "postgres" and "root" can read it.
>
> How about backups? Does the backup process (I assume it runs as
> administrator) store the key in cleartext?
>
> .TM.
> --
>       ____/  ____/   /
>      /      /       /                   Marco Colombo
>     ___/  ___  /   /                  Technical Manager
>    /          /   /                      ESI s.r.l.
>  _____/ _____/  _/                     Colombo@ESI.it
>
>

> On Wed, 2005-06-08 at 10:00 -0700, dong changyu wrote:
> > Hi,
> > A possible countermeasure on Windows platform,
> > inspired by Magnus. Thanks ;)
> > First we remove the passphrase from the key file,
> > making it plain.
> > Windows provides a feature, "encrypted file system",
> > which provides transparent encryption/decryption. We can log
> > on using the account we run Postgres with and encrypt
> > the plaintext key file. Then we log on using another
> > non-admin account, and start postgres using the "runas"
> > service. Therefore the file is encrypted, and only the
> > Postgres account and the recovery agent (built-in
> > administrator by default) can read/modify it. The file
> > will remain encrypted when restored from backup.
> > I've tested it on my computer and it works.
> >
> > cheers,
> > Changyu
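
The three protections compared in this thread (a passphrase on the key, owner-only file permissions as in `-r--------`, and the EFS attribute) can be checked on a key file as sketched below. This is an added example, not part of the original messages or of PostgreSQL; the function names and the sample PEM bodies are constructed for illustration, and Windows ACLs are assumed to be reviewed separately.

```python
import os
import stat
import tempfile

# Markers of a passphrase-protected PEM key (traditional OpenSSL and PKCS#8).
ENCRYPTED_PEM_MARKERS = (b"Proc-Type: 4,ENCRYPTED",
                         b"-----BEGIN ENCRYPTED PRIVATE KEY-----")

# Constructed sample bodies: not real keys, only the PEM framing matters here.
SAMPLE_PLAIN = (b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n"
                b"-----END RSA PRIVATE KEY-----\n")
SAMPLE_PASSPHRASE = (b"-----BEGIN RSA PRIVATE KEY-----\n"
                     b"Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\n"
                     b"CONSTRUCTED\n-----END RSA PRIVATE KEY-----\n")


def audit_key_file(path):
    """Report how a private key file is protected at rest."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        head = fh.read(4096)
    # st_file_attributes exists only on Windows; treat it as 0 elsewhere.
    attrs = getattr(st, "st_file_attributes", 0)
    report = {
        "passphrase": any(m in head for m in ENCRYPTED_PEM_MARKERS),
        "efs": bool(attrs & stat.FILE_ATTRIBUTE_ENCRYPTED),
        # POSIX: no group/other bits, like "-r--------"; None on Windows (ACLs not inspected).
        "owner_only": None if os.name == "nt" else (st.st_mode & 0o077) == 0,
    }
    # Neither passphrase nor EFS: any copy of the bytes (backup, disk image) is a usable key.
    report["plaintext_at_rest"] = not (report["passphrase"] or report["efs"])
    return report


def write_sample(pem_bytes, mode):
    fd, path = tempfile.mkstemp(suffix=".key")
    with os.fdopen(fd, "wb") as fh:
        fh.write(pem_bytes)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    for label, body, mode in (("plaintext 0400", SAMPLE_PLAIN, 0o400),
                              ("passphrase 0400", SAMPLE_PASSPHRASE, 0o400)):
        sample = write_sample(body, mode)
        print(label, audit_key_file(sample))
        os.chmod(sample, 0o600)  # clear read-only so removal also works on Windows
        os.remove(sample)
```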
