On Fri, Dec 8, 2023 at 05:42:27PM +0000, PG Doc comments form wrote:
> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/16/preventing-server-spoofing.html
> Description:
>
> When I read:
> To prevent spoofing on TCP connections, either use SSL certificates and make
> sure that clients check the server's certificate, or use GSSAPI encryption
> (or both, if they're on separate connections).
>
> It takes some thought to figure out what "separate connections" are being
> referred to. Does it mean separate TLS connection and
> non-tls-with-gssapi-encryption?
I have no idea. It was added in this commit:
commit b0b39f72b9
Author: Stephen Frost <sfrost@snowman.net>
Date: Wed Apr 3 15:02:33 2019 -0400
GSSAPI encryption support
On both the frontend and backend, prepare for GSSAPI encryption
support by moving common code for error handling into a separate file.
Fix a TODO for handling multiple status messages in the process.
Eliminate the OIDs, which have not been needed for some time.
...
I have CC'ed the patch author.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
Only you can decide what is important to you.