TCP连接到Postgres安全？ SSL是否必需？ [英] TCP Connections to Postgres Secure? SSL Required?

问题描述

早上好，

我正在浏览Postgresql配置文件，最近发现有一个 ssl 选项。我想知道什么时候需要这样做。

说如果你有一个应用服务器和一个数据库服务器，而不是在私有网络中运行。如果用户尝试登录，如果未启用SSL，那么应用程序服务器在查找时是否以有效的用户名/密码将用户的密码以明文形式传输到数据库？

这里的标准做法是什么？是否应该设置我的数据库以使用SSL？

如果是这样， config / database中的连接设置是否有任何差异

解决方案

/ div>

与其他协议一样，对PostgreSQL使用SSL / TLS可以保护客户端和服务器之间的连接。是否需要它取决于您的网络环境。

如果没有SSL / TLS，客户端和服务器之间的流量将被窃听者看到：所有查询和响应，以及可能的密码，具体取决于您如何配置 pg_hba.conf （是否客户端正在使用 md5 或明文密码）。

据我所知，请求MD5或纯文本密码身份验证的服务器，因此当不使用SSL / TLS时，主动中间人在中间攻击者肯定可以降级并获取您的密码。

良好配置的SSL / TLS连接应允许您防止对密码和数据的窃听和MITM攻击。

您可以要求SSL在服务器端使用 sslhost 在 pg_hba.conf 中，但这只是问题的一部分。最终，就像网络服务器一样，由客户端验证SSL是否被使用，它与正确的服务器一起使用。

libpq文档中的表31-1总结了您获得的保护级别。

基本上：

• 如果您认为您有理由使用SSL，禁用，允许和 prefer 是无用的（如果您想要安全性，不要采取否或也许）。


• require 几乎无用，因为它根本不会验证远程服务器的身份。


• verify-ca 不验证主机名，这使其容易受到MITM攻击。

verify-full 。

这些SSL模式名称由libpq设置。其他客户端可能不会使用相同的（例如纯Ruby实现或JDBC）。

据我所见， ruby​​-pg 依赖于libpq。很遗憾，它仅为其 sslmode 。如果直接传递，也许 verify-full 也可能工作。但是，还需要一种配置CA证书的方法。

Good morning,

I was going through the Postgresql configuration files, and recently noticed that there is an ssl option. I was wondering when this is required.

Say if you have an app server and a database server - not running inside a private network. If a user tries to log in, if SSL is not enabled will the app server transmit the user's password in cleartext to the database when looking up if it is a valid username/password?

What is standard practice here? Should I be setting up my DB to use SSL?

If that is the case, is there any difference in the connection settings in config/database.yml in my Rails app?

Thanks!

解决方案

Like for other protocols, using SSL/TLS for PostgreSQL allows you to secure the connection between the client and the server. Whether you need it depends on your network environment.

Without SSL/TLS the traffic between the client and the server will be visible by an eavesdropper: all the queries and responses, and possibly the password depending on how you've configured your pg_hba.conf (whether the client is using md5 or a plaintext password).

As far as I'm aware, it's the server that requests MD5 or plaintext password authentication, so an active Man-In-The-Middle attacker could certainly downgrade that and get your password anyway, when not using SSL/TLS.

A well-configured SSL/TLS connection should allow you to prevent eavesdropping and MITM attacks, against both passwords and data.

You can require SSL to be used on the server side using sslhost in pg_hba.conf, but that's only part of the problem. Ultimately, just like for web servers, it's up to the client to verify that SSL is used at all, and that it's used with the right server.

Table 31-1 in the libpq documentation summarises the levels of protection you get.

Essentially:

• if you think you have a reason to use SSL, disable, allow and prefer are useless (don't take "No" or "Maybe" if you want security).
• require is barely useful, since it doesn't verify the identity of the remote server at all.
• verify-ca doesn't verify the host name, which makes it vulnerable to MITM attacks.

The one you'll want if security matters to you is verify-full.

These SSL mode names are set by libpq. Other clients might not use the same (e.g. pure Ruby implementation or JDBC).

As far as I can see, ruby-pg relies on libpq. Unfortunately, it only lists "disable|allow|prefer|require" for its sslmode. Perhaps verify-full might work too if it's passed directly. However, there would also need a way to configure the CA certificates.

这篇关于TCP连接到Postgres安全？ SSL是否必需？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！