Bruce Momjian <bruce@momjian.us> writes:
> We changed Postgres 9.6 to allow open group permissions on the
> _server_'s SSL key if it was owned by root:
> Allow the server's <acronym>SSL</> key file to have group read
> access if it is owned by <literal>root</> (Christoph Berg)
> Is this something we should change on the client? I don't see why not,
> but the 'root' requirement would still remain.
I'm pretty suspicious of doing this on the client side. It doesn't seem
as useful, and it would open up a bunch of issues concerning e.g. what
cert authentication actually is authenticating.
regards, tom lane
--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs