Hello, I am trying to harden my application against man-in-the-middle attacks. The application, written in PHP, communicates with the PostgreSQL server using the usual pg_* functions built on the libpq library. I have the proper postgresql.key and postgresql.crt files installed on the Web server (PostgreSQL client) and the server.key, server.crt and root.crt files installed on the PostgreSQL server. My understanding is that when PHP issues a pg_connect() function, libpq supplies the client certificate to the PostgreSQL server and the PostgreSQL server checks the signature on the certificate against the signature of the trusted CA in root.crt. If they match, it's go time! My concern is that an attacker could impersonate the PostgreSQL server, intercept the initial pg_connect() request, submit it's own certificate to the client and steal the log in credentials. Is this possible and, if so, is there a way for PHP, through libpq, to check the certificate supplied by the server to determine that it is submitted by a trusted CA? I have submitted the same question to the PHP-DB mailing list, but a respondent said that this would be handled by PostgreSQL not PHP. Of course, since I'm writing my code in PHP, I'm hoping to be able to handle this in the PHP code. Thanks for any guidance. Sincerely, Angus Atkins-Trimnell
