summaryrefslogtreecommitdiffstats
path: root/doc/src/sgml/html/preventing-server-spoofing.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 12:19:15 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 12:19:15 +0000
commit6eb9c5a5657d1fe77b55cc261450f3538d35a94d (patch)
tree657d8194422a5daccecfd42d654b8a245ef7b4c8 /doc/src/sgml/html/preventing-server-spoofing.html
parentInitial commit. (diff)
downloadpostgresql-13-upstream.tar.xz
postgresql-13-upstream.zip
Adding upstream version 13.4.upstream/13.4upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/src/sgml/html/preventing-server-spoofing.html')
-rw-r--r--doc/src/sgml/html/preventing-server-spoofing.html44
1 files changed, 44 insertions, 0 deletions
diff --git a/doc/src/sgml/html/preventing-server-spoofing.html b/doc/src/sgml/html/preventing-server-spoofing.html
new file mode 100644
index 0000000..52e96fc
--- /dev/null
+++ b/doc/src/sgml/html/preventing-server-spoofing.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>18.7. Preventing Server Spoofing</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="upgrading.html" title="18.6. Upgrading a PostgreSQL Cluster" /><link rel="next" href="encryption-options.html" title="18.8. Encryption Options" /></head><body id="docContent" class="container-fluid col-10"><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">18.7. Preventing Server Spoofing</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="upgrading.html" title="18.6. Upgrading a PostgreSQL Cluster">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="runtime.html" title="Chapter 18. Server Setup and Operation">Up</a></td><th width="60%" align="center">Chapter 18. Server Setup and Operation</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="encryption-options.html" title="18.8. Encryption Options">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="PREVENTING-SERVER-SPOOFING"><div class="titlepage"><div><div><h2 class="title" style="clear: both">18.7. Preventing Server Spoofing</h2></div></div></div><a id="id-1.6.5.10.2" class="indexterm"></a><p>
+ While the server is running, it is not possible for a malicious user
+ to take the place of the normal database server. However, when the
+ server is down, it is possible for a local user to spoof the normal
+ server by starting their own server. The spoof server could read
+ passwords and queries sent by clients, but could not return any data
+ because the <code class="varname">PGDATA</code> directory would still be secure because
+ of directory permissions. Spoofing is possible because any user can
+ start a database server; a client cannot identify an invalid server
+ unless it is specially configured.
+ </p><p>
+ One way to prevent spoofing of <code class="literal">local</code>
+ connections is to use a Unix domain socket directory (<a class="xref" href="runtime-config-connection.html#GUC-UNIX-SOCKET-DIRECTORIES">unix_socket_directories</a>) that has write permission only
+ for a trusted local user. This prevents a malicious user from creating
+ their own socket file in that directory. If you are concerned that
+ some applications might still reference <code class="filename">/tmp</code> for the
+ socket file and hence be vulnerable to spoofing, during operating system
+ startup create a symbolic link <code class="filename">/tmp/.s.PGSQL.5432</code> that points
+ to the relocated socket file. You also might need to modify your
+ <code class="filename">/tmp</code> cleanup script to prevent removal of the symbolic link.
+ </p><p>
+ Another option for <code class="literal">local</code> connections is for clients to use
+ <a class="link" href="libpq-connect.html#LIBPQ-CONNECT-REQUIREPEER"><code class="literal">requirepeer</code></a>
+ to specify the required owner of the server process connected to
+ the socket.
+ </p><p>
+ To prevent spoofing on TCP connections, either use
+ SSL certificates and make sure that clients check the server's certificate,
+ or use GSSAPI encryption (or both, if they're on separate connections).
+ </p><p>
+ To prevent spoofing with SSL, the server
+ must be configured to accept only <code class="literal">hostssl</code> connections (<a class="xref" href="auth-pg-hba-conf.html" title="20.1. The pg_hba.conf File">Section 20.1</a>) and have SSL key and certificate files
+ (<a class="xref" href="ssl-tcp.html" title="18.9. Secure TCP/IP Connections with SSL">Section 18.9</a>). The TCP client must connect using
+ <code class="literal">sslmode=verify-ca</code> or
+ <code class="literal">verify-full</code> and have the appropriate root certificate
+ file installed (<a class="xref" href="libpq-ssl.html#LIBQ-SSL-CERTIFICATES" title="33.18.1. Client Verification of Server Certificates">Section 33.18.1</a>).
+ </p><p>
+ To prevent spoofing with GSSAPI, the server must be configured to accept
+ only <code class="literal">hostgssenc</code> connections
+ (<a class="xref" href="auth-pg-hba-conf.html" title="20.1. The pg_hba.conf File">Section 20.1</a>) and use <code class="literal">gss</code>
+ authentication with them. The TCP client must connect
+ using <code class="literal">gssencmode=require</code>.
+ </p></div><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navfooter"><hr></hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="upgrading.html" title="18.6. Upgrading a PostgreSQL Cluster">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="runtime.html" title="Chapter 18. Server Setup and Operation">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="encryption-options.html" title="18.8. Encryption Options">Next</a></td></tr><tr><td width="40%" align="left" valign="top">18.6. Upgrading a <span xmlns="http://www.w3.org/1999/xhtml" class="productname">PostgreSQL</span> Cluster </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 18.8. Encryption Options</td></tr></table></div></body></html> \ No newline at end of file