On Wed, Apr 16, 2014 at 6:49 PM, Albe Laurenz <laurenz.albe@xxxxxxxxxx> wrote:
Dev Kumkar wrote:
>> Unless somebody changes the setting to ssl=on, there should be no problem.
> Thanks also please help to understand - does changing this postgresql.conf setting enough to beJust changing the setting will only cause your database server to error
> vulnerable here?
out on restart - you also need to create certificates and put them into
the server directory.
So whoever does this change must know what they are doing (to some extent).
Once SSL has been enabled, a cunning attacker may be able to steal
the server's private key (if I understood the vulnerability correctly)
and then launch man-in-the-middle attacks, i.e. impersonate the server,
to eavesdrop on encrypted communication.
The remedy would be to create a new key pair for the server.
Yours,
Laurenz Albe
Thanks, this really helps. Currently we are not creating certificate and working in non SSL mode.
Regards...