Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
| От | Tom Lane |
|---|---|
| Тема | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
| Дата | |
| Msg-id | 5499.1240237618@sss.pgh.pa.us обсуждение |
| Ответ на | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt (Magnus Hagander <magnus@hagander.net>) |
| Ответы |
Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
|
| Список | pgsql-bugs |
Magnus Hagander <magnus@hagander.net> writes:
> Patch also changes the default from "prefer" to "disable", per discussion.
I confess to not having paid attention to this thread for awhile.
I have to violently object to this conclusion --- it is throwing the
baby out with the bathwater. Under the pretense of being "secure by
default" it will in fact make things *less* secure. A minimum
requirement in my view is that existing configurations should continue
to work and be no less secure than before. Having a connection that
was encrypted in 8.3 silently become clear-text after installing 8.4
is just plain NOT acceptable.
I think the patch would be fine if we simply keep the default where
it is, however. Is there some point I am missing that compels
selection of a less-secure default?
regards, tom lane
В списке pgsql-bugs по дате отправления: