Re: vulnerability/SSL

> Hi,
> I'm using PostgreSQL with SSL these days. The version I'm 
> using is 8.0.3. I found that it's impossible to use an 
> encrypted key file. 
> When you use a protected server.key file, you will be 
> prompted to input your passphrase EVERY TIME IT'S USED, not 
> only when you start the server but also when a client makes a 
> connection. So you have to leave the key file un-protected. I 
> think it's a serious vulnerability since the security relies 
> on the secrecy of the private key. Without encryption, the 
> only thing we can use to protect the private key is the 
> access control mechanism provided by the OS.
> Any comments on this issue?

If you don't trust the access control provided by the OS, why are you putting sensitive data on it?
If one can break your access control in the OS they can read all your data anyway - they don't even need to sniff the wire and decrypt it using the key. Or they can just change the passwords of your users and connect - or *change* the key.

If you're still concerned, it should be possible to mount it using a crypto loopback device which would require a password to get it in there (note! haven't tried it, but it should work). That would save you against someone rebooting your server on a separate OS and trying to read it, but not against someone cracking the system while it's running. But again, your data would be just as vulnerable, so I don't really see the gain.

//Magnus
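
An added example, not part of the original message or of PostgreSQL: a Python audit of the OS-level protections that the thread says an unencrypted server.key depends on, including the directory write access that would let someone replace the key. The function names, file names and sample key contents are constructed for illustration.

```python
import os
import stat
import tempfile

def pem_is_encrypted(text):
    # PKCS#8 encrypted keys and traditional OpenSSL encrypted PEM keys
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in text
            or "Proc-Type: 4,ENCRYPTED" in text)

def audit_key_file(path, expected_uid):
    """Return findings on how well the OS protects a private key file."""
    findings = []
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    if st.st_uid != expected_uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other bits set (mode %04o)" % stat.S_IMODE(st.st_mode))
    # A writable directory lets someone replace the key without reading it.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent directory writable by group/other")
    with open(path, "r", errors="replace") as fh:
        if not pem_is_encrypted(fh.read()):
            findings.append("key unencrypted: file permissions are its only protection")
    return findings

def demo():
    """Audit two constructed key files (placeholder bodies, not real keys)."""
    workdir = tempfile.mkdtemp()  # created with mode 0700
    loose = os.path.join(workdir, "loose.key")
    tight = os.path.join(workdir, "tight.key")
    with open(loose, "w") as fh:
        fh.write("-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n")
    os.chmod(loose, 0o644)
    with open(tight, "w") as fh:
        fh.write("-----BEGIN ENCRYPTED PRIVATE KEY-----\nCONSTRUCTED\n"
                 "-----END ENCRYPTED PRIVATE KEY-----\n")
    os.chmod(tight, 0o600)
    uid = os.geteuid()
    return audit_key_file(loose, uid), audit_key_file(tight, uid)

if __name__ == "__main__":
    for result in demo():
        print(result or "no findings")
```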
