On Fri, 13 Jan 2006, Tom Lane wrote:
"Brian A. Seklecki" <lavalamp@xxxxxxxxxxxxxxxxxxxxxx> writes:
If a "bad person" were to somehow obtain a copy of the source code with a
password embedded in the connect string (Steal it from a developer who
uses Windows, or maybe convince Apache to not interpret PHP before sending
to the client, something stupid like that), they would still be unable to
connect without a client certificate.
So they steal the client certificate file instead of (the file
containing) the password. How exactly is this more secure?
You'd have to get a local shell on the server *plus* the password.
If a hacker can get a local shell on your web server (not a multi-user
environment, obviously), and the Web server isn't in a jail, then they've
probably got your database server too, and you might as well pack up and
head home.
But with OCSP, the CA for the organization can revoke the validity of a
Cert at any time by updating the CRL.
The password is entirely optional for the user. When you've got a Vhost
running multiple Apps talking to the same BD, and the Web servers runs as
the "www" or "http" user, you can even plug multiple database user
passwords into user ~/www/.pgpass and the username is mapped via the
Client X.509 cert.
In short, it's a deterrent to hackers and a convenience to admins. But we
all know if someone wants in, they'll get in and it won't be some kind of
attack a weakness in X.509 PKI, it will be the develpoer on Windows that
opens the e-mail with the attachment (or image file!)
~BAS
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
l8*
-lava
x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8