Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1uzYbp-004t4g-Pt
	for pgsql-general@arkaria.postgresql.org; Fri, 19 Sep 2025 10:44:58 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1uzYbo-0060kw-Cz
	for pgsql-general@arkaria.postgresql.org; Fri, 19 Sep 2025 10:44:56 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <daniel@yesql.se>)
	id 1uzYbo-0060km-2G
	for pgsql-general@lists.postgresql.org; Fri, 19 Sep 2025 10:44:56 +0000
Received: from smtp.outgoing.loopia.se ([93.188.3.37])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <daniel@yesql.se>)
	id 1uzYbk-001gRh-16
	for pgsql-general@lists.postgresql.org;
	Fri, 19 Sep 2025 10:44:55 +0000
Received: from s807.loopia.se (localhost [127.0.0.1])
	by s807.loopia.se (Postfix) with ESMTP id 976D545006A
	for <pgsql-general@lists.postgresql.org>; Fri, 19 Sep 2025 12:44:52 +0200 (CEST)
Received: from s899.loopia.se (unknown [172.22.191.5])
	by s807.loopia.se (Postfix) with ESMTP id 81FB14511AA;
	Fri, 19 Sep 2025 12:44:52 +0200 (CEST)
Received: from s472.loopia.se (unknown [172.22.191.5])
	by s899.loopia.se (Postfix) with ESMTP id 7FA842C8BAB6;
	Fri, 19 Sep 2025 12:44:52 +0200 (CEST)
X-Virus-Scanned: amavisd-new at amavis.loopia.se
X-Spam-Flag: NO
X-Spam-Score: -1.2
X-Spam-Level:
X-Spam-Status: No, score=-1.2 tagged_above=-999 required=6.2
 tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
 DKIM_VALID_EF=-0.1] autolearn=disabled
Authentication-Results: s472.loopia.se (amavisd-new); dkim=pass (2048-bit key)
 header.d=yesql.se
Received: from s980.loopia.se ([172.22.191.5])
 by s472.loopia.se (s472.loopia.se [172.22.190.12]) (amavisd-new, port 10024)
 with UTF8LMTP id AU65pKC3wQmT; Fri, 19 Sep 2025 12:44:52 +0200 (CEST)
X-Loopia-Auth: user
X-Loopia-User: daniel@yesql.se
X-Loopia-Originating-IP: 89.255.232.236
Received: from smtpclient.apple (customer-89-255-232-236.stosn.net [89.255.232.236])
	(Authenticated sender: daniel@yesql.se)
	by s980.loopia.se (Postfix) with ESMTPSA id E951A22016C9;
	Fri, 19 Sep 2025 12:44:51 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yesql.se;
	s=loopiadkim1707475645; t=1758278692;
	bh=UtPhWEVQIlYU5anOQOKy/mVAXCtkiU5fw+d7WUjp04o=;
	h=Subject:From:In-Reply-To:Date:Cc:References:To;
	b=Xk5U637ze15rImIItKBeSc5XM+jyUHx3j3l+21TRcqQ8sqmf+b6oAfBBHAvqnGdth
	 uRUo8qIPONEKEUO85pU6Oa9irgQqjTx36AdBasIYa9PUYX6JTUsEcYwk/xzT3wJ3kU
	 Z6MCYIod+ZOlm79mF4weZufL4Hr+F6kSmROd7NRBQtuPK2Aj/P9EwbsXxsd1CWzGhN
	 yJbyu2Q93fxyqu3YHyssBeooYPbGE0Kx5j0E6Rku4VDKWmPZnOgMH68eOag8TuwBxr
	 y9VyHDSWFWd5HKfwZ8TIls4Q5KSID250bOQgs01l2PodLIOWZEHLoZ9/FfLc2z4noD
	 UZnpsN99hFt4A==
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51.11.2\))
Subject: Re: Client/server certificates verification support on Android
 platform
From: Daniel Gustafsson <daniel@yesql.se>
In-Reply-To: <CAKOSLFXOxaNG2B9WyZ2B-_KmrL2mHmCpd3agSP6kRAaL0=7YOA@mail.gmail.com>
Date: Fri, 19 Sep 2025 12:44:41 +0200
Cc: pgsql-general@lists.postgresql.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <CD466ADF-0C2B-4458-A511-37C11F67AF7D@yesql.se>
References: <CAKOSLFXOxaNG2B9WyZ2B-_KmrL2mHmCpd3agSP6kRAaL0=7YOA@mail.gmail.com>
To: Mathieu Pellerin <mathieu@opengis.ch>
X-Mailer: Apple Mail (2.3776.700.51.11.2)
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CD466ADF-0C2B-4458-A511-37C11F67AF7D%40yesql.se>
Precedence: bulk

> On 19 Sep 2025, at 12:18, Mathieu Pellerin <mathieu@opengis.ch> wrote:

> Would it make sense for other operating systems beyond Windows to also =
have relaxed permissions within specific application-specific folders? =
On Android, the application=E2=80=99s data directory would certainly =
match a similar set of secure assumptions as the OS restricts its =
access.

FWIW, I am not a fan of the presumed-safe approach to filesystem =
locations, and
even less so of relaxed permissions via configuration.

One thing which has been discussed is to add support for vaults, like =
macOS
keychain etc, as an alternative to filesystem acceess.  Are there any =
such
capabilities on Android which could be relied upon?

--
Daniel Gustafsson