- |
- Eavesdropping
- If a third party can examine the network traffic between the
+
+
+ Eavesdropping
+
+
If a third party can examine the network traffic between the
client and the server, it can read both connection information (including
the user name and password) and the data that is passed.
SSL>
uses encryption to prevent this.
-
-
+
+
+
- |
-
Man in the middle (MITM>)
- If a third party can modify the data while passing between the
+
+
Man in the middle (MITM>)
+
+
If a third party can modify the data while passing between the
client and server, it can pretend to be the server and therefore see and
modify data even if it is encrypted>. The third party can then
forward the connection information and data to the original server,
to a different server than intended. There are also several other
attack methods that can accomplish this.
SSL> uses certificate
verification to prevent this, by authenticating the server to the client.
-
-
+
+
+
- |
- Impersonation
- If a third party can pretend to be an authorized client, it can
+
+ Impersonation
+
+
If a third party can pretend to be an authorized client, it can
simply access data it should not have access to. Typically this can
happen through insecure password management.
SSL> uses
client certificates to prevent this, by making sure that only holders
of valid certificates can access the server.
- entry>
- row>
- tbody>
- tgroup>
- table>
+ para>
+ listitem>
+ varlistentry>
+ variablelist>
+ para>
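Review bot: the Man in the middle entry says SSL prevents the attack "by authenticating the server to the client", but nothing in the new variablelist says that this authentication is only performed when the client is configured to verify the server certificate; since the paragraph that follows states "For a connection to be known secure, SSL usage must be configured" and goes on to the sslmode values, add a pointer from the Man in the middle and Impersonation entries to that sslmode discussion so a reader does not conclude that merely enabling SSL defends against a spoofed server. Separately, the carried-over sentence "The third party can then forward the connection information and data to the original server, to a different server than intended." has no connective between its two clauses and should be checked against the source text while the table-to-variablelist conversion is being made.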
For a connection to be known secure, SSL usage must be configured
All
SSL> options carry overhead in the form of encryption and
key-exchange, so there is a tradeoff that has to be made between performance
- and security. The following table illustrates the risks the different
- sslmode> values protect against, and what statement they make
- about security and overhead:
+ and security.
+ illustrates the risks the different sslmode> values
+ protect against, and what statement they make about security and overhead.
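Review bot: the rewritten sentence "and security. illustrates the risks the different sslmode values protect against" opens with the cross-reference and nothing else, so confirm that the xref target is set and resolves to the sslmode table; the same check applies to every other "shown in" / "summarizes the files" sentence introduced by this patch, since each one renders as an empty link if the linkend is wrong. While this paragraph is being touched, the surrounding context "SSL usage must be configured All SSL options carry overhead" runs two sentences together and needs its terminating punctuation restored.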
SSL Client File Usage
+
+ summarizes the files that are
+ relevant to the SSL setup on the client.
+
+
Libpq/Client SSL File Usage
=>, <>,
<>, >>, <=>, >=>.
Comparison sorts in the order of a tree traversal, with the children
- of a node sorted by label text. In addition, there are the following
- specialized operators:
+ of a node sorted by label text. In addition, the specialized
+ operators shown in are available.
- The following functions are available:
+ The available functions are shown in .
A number of standard probes are provided in the source code,
- as shown in .
- More can certainly be added to enhance
PostgreSQL>'s
- observability.
+ as shown in ;
+
+ shows the types used in the probes. More probes can certainly be
+ added to enhance
PostgreSQL>'s observability.
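Review bot: the new wording "as shown in ; shows the types used in the probes" joins two cross-reference sentences with a semicolon, so the second one starts with a bare xref; splitting it into two sentences ("... as shown in <xref>. The types used in the probes are listed in <xref>.") reads more naturally and keeps each reference inside a complete sentence.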
Functions and Operators
+ The functions provided by the pg_trgm module
+ are shown in , the operators
+ in .
+
+
pg_trgm Functions
SSL Server File Usage
- The files server.key>, server.crt>,
- root.crt, and root.crl
- are only examined during server start; so you must restart
- the server for changes in them to take effect.
-
+
+ summarizes the files that are
+ relevant to the SSL setup on the server.
+
+
+ The files server.key>, server.crt>,
+ root.crt, and root.crl
+ are only examined during server start; so you must restart
+ the server for changes in them to take effect.
+
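Review bot: the paragraph moved below the new summary sentence keeps "are only examined during server start; so you must restart the server", which combines a semicolon with a conjunction; drop either the semicolon or the "so". Because root.crl is in that list, the restart requirement also means that a newly revoked certificate keeps being accepted until the server is restarted, which is worth stating explicitly beside the file summary, as it is the one entry in the list where a stale file is a security exposure rather than a configuration inconvenience.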
The built-in parser is named pg_catalog.default>.
- It recognizes 23 token types:
+ It recognizes 23 token types, shown in .