Re: unclear wording re: spoofing prevention on network connections

From Stephen Frost
Subject Re: unclear wording re: spoofing prevention on network connections
Date
Msg-id CAOuzzgpKGS5HtT5e=5DsKuUmm0Q2MQkp_n0vWBk0y74g6qzdTg@mail.gmail.com
In response to Re: unclear wording re: spoofing prevention on network connections  (Bruce Momjian <bruce@momjian.us>)
Responses Re: unclear wording re: spoofing prevention on network connections  ("David G. Johnston" <david.g.johnston@gmail.com>)
List pgsql-docs
Greetings,

On Sat, Dec 9, 2023 at 17:29 Bruce Momjian <bruce@momjian.us> wrote:
> On Fri, Dec  8, 2023 at 05:42:27PM +0000, PG Doc comments form wrote:
> > The following documentation comment has been logged on the website:
> >
> > Page: https://www.postgresql.org/docs/16/preventing-server-spoofing.html
> > Description:
> >
> > When I read:
> > To prevent spoofing on TCP connections, either use SSL certificates and make
> > sure that clients check the server's certificate, or use GSSAPI encryption
> > (or both, if they're on separate connections).
> >
> > It takes some thought to figure out what "separate connections" are being
> > referred to.  Does it mean separate TLS connection and
> > non-tls-with-gssapi-encryption?

Short answer here is “yes, you understand correctly.”

> I have no idea.  It was added in this commit:


Agreed that the wording isn’t great.

The idea is that you can use both TLS and GSSAPI-with-encryption at the same time within a given cluster for connections but you wouldn’t use them on the same connection.  Certainly would welcome suggestions as to the best way to phrase that.

Thanks,

Stephen
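
The following is an added illustration, not part of the original message or of the PostgreSQL documentation: a `pg_hba.conf` sketch of one cluster that accepts TLS connections from one subnet and GSSAPI-encrypted connections from another, so that each individual connection uses exactly one of the two. The subnets, host name, database name and certificate path are constructed placeholders.

```conf
# pg_hba.conf (constructed example; all addresses and names are placeholders)
# The first matching record wins, so order matters.
#
# TYPE        DATABASE  USER  ADDRESS          METHOD

# Connections from this subnet must be TLS-encrypted.
hostssl       all       all   192.0.2.0/24     scram-sha-256

# Connections from this subnet must be GSSAPI-encrypted.
# Only gss, reject and trust are usable as methods on hostgssenc records.
hostgssenc    all       all   198.51.100.0/24  gss

# Every other TCP connection, including unencrypted ones from the
# subnets above, is refused.
host          all       all   all              reject

# Matching client connection strings (libpq parameters), one encryption
# method per connection:
#
#   TLS, with the client checking the server's certificate:
#     host=db.example.com dbname=app sslmode=verify-full sslrootcert=/path/to/root.crt gssencmode=disable
#
#   GSSAPI encryption, failing rather than falling back if it cannot be negotiated:
#     host=db.example.com dbname=app gssencmode=require
```

The client side matters as much as the server side here: `sslmode=verify-full` and `gssencmode=require` are what keep the client from completing a connection to a server it cannot verify.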
