On Wed, 2020-06-03 at 19:57 -0400, Chapman Flack wrote:
> Ok, so a person in the situation described here, who is not in a position
> to demand changes in an organizational policy (whether or not it seems
> ill-conceived to you or even to him/her), is facing this question:
>
> What are the "safest" things I /can/ do, under the existing constraints,
> and /which of those will work in PostgreSQL/?
I feel bad about bending the basic idea of certificates and trust to suit
some misbegotten bureaucratic constraints on good security.
If you are working for a company that has a bad idea of security
and cannot be dissuaded from it, you point that out loudly and then
keep going. Trying to subvert the principles of an architecture
very often leads to pain in my experience.
Yours,
Laurenz Albe