Andrew Dunstan wrote:
>
>
> Peter Eisentraut wrote:
>> Bruce Momjian wrote:
>>
>>> The fundamental problem is that because we don't require root, any
>>> user's
>>> postmaster or pretend postmaster is as legitimate as anyone else's. SSL
>>> certificates add legitimacy checks for TCP, but not for unix domain
>>> sockets.
>>>
>>
>> Wouldn't SSL work over Unix-domain sockets as well? The API only
>> deals with file descriptors.
>>
>>
>
> But we don't check the SSL cert's credentials in the client, AFAIK. That
> means that postmaster spoofer could just as easily spoof SSL.
> Communications between the client and the endpoint will be protected,
> but there is no protection from a man in the middle attack, which is
> what this is.
We do if you put the CA cert on the client.
//Magnus