Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <buildfarm-members-owner+archive@lists.postgresql.org>)
	id 1rshEm-008exJ-Sf
	for buildfarm-members@arkaria.postgresql.org; Fri, 05 Apr 2024 10:56:01 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <buildfarm-members-owner+archive@lists.postgresql.org>)
	id 1rshEm-00CoJY-4c
	for buildfarm-members@arkaria.postgresql.org; Fri, 05 Apr 2024 10:56:00 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <olbohlen@eenfach.de>)
	id 1rshEl-00CoH3-Ud
	for buildfarm-members@lists.postgresql.org; Fri, 05 Apr 2024 10:55:59 +0000
Received: from eenfach.de ([91.211.43.61])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <olbohlen@eenfach.de>)
	id 1rshEj-000m0b-An
	for buildfarm-members@postgresql.org; Fri, 05 Apr 2024 10:55:59 +0000
Received: from localhost (ip-109-42-114-179.web.vodafone.de [109.42.114.179])
	(authenticated bits=0)
	by eenfach.de (8.16.1/8.15.1) with ESMTPSA id 435AtrVj966505
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
	Fri, 5 Apr 2024 12:55:54 +0200 (CEST)
From: Olaf Bohlen <olbohlen@eenfach.de>
To: Andrew Dunstan <andrew@dunslane.net>
Cc: buildfarm-members@postgresql.org
Subject: Re: SSL tests
In-Reply-To: <192d7b4f-16e4-404c-ac4b-9f8fa680f5cf@dunslane.net> (Andrew
	Dunstan's message of "Thu, 4 Apr 2024 10:29:17 -0400")
References: <c2474e21-4528-4042-9b98-d88ab21f7efa@dunslane.net>
	<wu3jzldp6tf.fsf@eenfach.de>
	<192d7b4f-16e4-404c-ac4b-9f8fa680f5cf@dunslane.net>
Date: Fri, 05 Apr 2024 12:55:42 +0200
Message-ID: <wu3ttkgnknl.fsf@eenfach.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
List-Id: <buildfarm-members.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:buildfarm-members@lists.postgresql.org>
List-Owner: <mailto:buildfarm-members-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/buildfarm-members>
Archived-At: 
 <https://www.postgresql.org/message-id/wu3ttkgnknl.fsf%40eenfach.de>
Precedence: bulk

Andrew Dunstan <andrew@dunslane.net> writes:

Dear Andrew and Wolfgang,

> No, it's more a security issue. We have to run the server for SSL
> tests with TCP enabled, meaning other users on the localhost can
> connect to it. If untrusted users in your multi-user environment can
> connect to a socket in your container, then you probably should not
> turn this on.

Thanks for the clarification, I'll turn on the checks then!

Best Regards,

Olaf

-- 
      ~       Olaf Bohlen - olbohlen@eenfach.de
      |~~     Het
     /|  \    Bruine
 ___/_|___\   Leven
   \__n____/# DGCN2