Re: BUG #3809: SSL "unsafe" private key permissions bug

Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> Gregory Stark wrote:
>> Storing your keys on a usb stick (which usually use fat filesystems)
>> isn't really such a crazy idea either.

> Storing a server SSL key on a USB stick is not crazy?  I don't follow.
> What use case do you have for that?

It's worth pointing out also that we require server.key to be directly
in the $PGDATA directory, which means that any filesystem limitations on
its permissions info are going to apply to the $PGDATA directory itself.

Curiously enough, the access-permission checks on both $PGDATA and
$PGDATA/server.key are diked out in WIN32 builds, but I consider that
a bug we should fix, not a feature to be extended.

            regards, tom lane