I don't see a security issue in this behavior. dbshell is a utility tool and passwords, keys, etc. will travel in clear text only if your database allows non-ssl connections. It's also documented that not all options set in the OPTIONS part of your database configuration in DATABASES are passed to the command-line client.

I understand your argument for considering it a feature instead. My point is that it's a security feature.

As it stands, users connecting to a Postgres server with the CLI (psql), if configured properly, will connect verifiably using TLS, giving the impression that the setup is correct and the connection is secured. However, this is a false impression as even if the configuration is perfect.

dbshell uses a subprocess with a copy of the current environment, so if you set PGSSLMODE, PGSSLROOTCERT, etc. in your current environment you will connect using TLS even without this change.

However, that requires devs (and/or users) to understand that even though Django is configured properly and everyday use (via wsgi and such) is fine, if they *ever* ask for a dbshell and do not consciously set ENV variables, auth tokens and perhaps PII can be captured on the wire. IMO it's a basic security requirement never to send your password in the clear. So this has vast consequences in environments where you don't control the network.

33.18.1. Client Verification of Server Certificates

By default, PostgreSQL will not perform any verification of the server certificate. This means that it is possible to spoof the server identity (for example by modifying a DNS record or by taking over the server IP address) without the client knowing. In order to prevent spoofing, the client must be able to verify the server's identity via a chain of trust. A chain of trust is established by placing a root (self-signed) certificate authority (CA) certificate on one computer and a leaf certificate signed by the root certificate on another computer. It is also possible to use an "intermediate" certificate which is signed by the root certificate and signs leaf certificates.

To allow the client to verify the identity of the server, place a root certificate on the client and a leaf certificate signed by the root certificate on the server. To allow the server to verify the identity of the client, place a root certificate on the server and a leaf certificate signed by the root certificate on the client. One or more intermediate certificates (usually stored with the leaf certificate) can also be used to link the leaf certificate to the root certificate.

Once a chain of trust has been established, there are two ways for the client to validate the leaf certificate sent by the server. If the parameter sslmode is set to verify-ca, libpq will verify that the server is trustworthy by checking the certificate chain up to the root certificate stored on the client.
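The discussion above turns on two mechanics: a dbshell-style launcher hands psql a copy of the current environment, and libpq only checks the server certificate when sslmode is verify-ca or verify-full. The following is an added example, not code from Django or PostgreSQL. It assumes that the OPTIONS keys sslmode, sslrootcert, sslcert and sslkey mirror the libpq connection parameters of the same names, that PGSSLMODE, PGSSLROOTCERT, PGSSLCERT and PGSSLKEY are the environment variables psql reads, and that an unset sslmode means libpq's default of "prefer". The settings dicts in the usage block are constructed sample input.

```python
"""Added example (not Django's or PostgreSQL's own code): build the environment
a psql subprocess inherits from a Django-style DATABASES entry, then report
what that environment guarantees about the TLS connection libpq will make.

Assumptions (labelled): OPTIONS keys sslmode/sslrootcert/sslcert/sslkey mirror
the libpq parameters; PGSSLMODE/PGSSLROOTCERT/PGSSLCERT/PGSSLKEY are the libpq
environment variables; sslmode defaults to "prefer" when unset.
"""
import os

# OPTIONS key -> libpq environment variable read by psql (assumed mapping)
SSL_OPTION_TO_ENV = {
    "sslmode": "PGSSLMODE",
    "sslrootcert": "PGSSLROOTCERT",
    "sslcert": "PGSSLCERT",
    "sslkey": "PGSSLKEY",
}

# Per libpq sslmode: (TLS required, certificate chain checked, host name checked).
# "require" is listed as unverified; libpq only upgrades it to chain checking when
# a root CA file happens to exist, which is not an explicit configuration choice.
SSLMODE_GUARANTEES = {
    "disable": (False, False, False),
    "allow": (False, False, False),
    "prefer": (False, False, False),
    "require": (True, False, False),
    "verify-ca": (True, True, False),
    "verify-full": (True, True, True),
}


def psql_env(settings_dict, base_env=None):
    """Environment for a psql subprocess.

    Like a dbshell-style launcher, start from a copy of the current process
    environment (base_env stands in for os.environ in tests), then copy any SSL
    options out of OPTIONS. An exported PGSSLMODE survives unless OPTIONS sets
    the same key, which is the "set it in your environment" workaround above.
    """
    env = dict(os.environ if base_env is None else base_env)
    options = settings_dict.get("OPTIONS", {})
    for key, var in SSL_OPTION_TO_ENV.items():
        value = options.get(key)
        if value:
            env[var] = str(value)
    return env


def connection_guarantees(env):
    """(tls_required, chain_verified, hostname_verified) for the sslmode libpq
    will use. Unset means "prefer": encrypted if the server offers TLS, but the
    certificate is never checked, so a spoofed server is not detected."""
    mode = env.get("PGSSLMODE", "prefer")
    if mode not in SSLMODE_GUARANTEES:
        raise ValueError(f"unknown sslmode: {mode!r}")
    return SSLMODE_GUARANTEES[mode]


def server_identity_verified(env):
    """True only when libpq verifies the certificate chain (verify-ca or
    verify-full); only verify-full additionally ties the certificate to the host."""
    return connection_guarantees(env)[1]


if __name__ == "__main__":
    # Constructed sample settings: one entry with verification configured in
    # OPTIONS, one bare entry with no SSL options at all.
    verified = {"OPTIONS": {"sslmode": "verify-full", "sslrootcert": "/etc/ssl/certs/db-root.crt"}}
    bare = {"OPTIONS": {}}
    for name, cfg in (("verified", verified), ("bare", bare)):
        env = psql_env(cfg, base_env={})
        print(name, env.get("PGSSLMODE", "<unset>"), connection_guarantees(env))
```

The "bare" case is the one the thread worries about: with nothing in OPTIONS and nothing exported, psql starts with PGSSLMODE unset, so the connection is opportunistically encrypted at best and the server's identity is never checked. Exporting PGSSLMODE=verify-full and PGSSLROOTCERT before running dbshell, or carrying those keys in OPTIONS, is what moves the result to a verified connection.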