Jose Berardo <joseberardo@xxxxxxxxx> writes: >>> - Is it possible to store the server.key in a ciphered file with >> No. > I believe that it may be a good idea, it may bring another security level, Not really. > Just saving the private key file inside the cluster with no privilegies for > other users (the server suggests 0600 mask for it) is still sufficient to > protected the key? If someone can access that file, they can also attach to the running server process and pull the decrypted key out of it. In any case, providing the server with the key to decrypt the ssl key is not going to be convenient in operation. You're not going to want to store that key on disk are you? Do you want somebody around to manually provide it every time the server restarts? That gets old pretty fast, when all it's buying you is a largely-imaginary security gain. regards, tom lane -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
