Describe the issue
At the moment the only way to provide the root certificates for LibPQFactory is by giving it the filesystem location of the file containing the root certs.
This approach has vulnerabilities because an attacker can modify the root certs file in the filesystem. Plus if the app receives the root cert from a channel other than the filesystem it forces the app to write the data to the filesystem in order for it to be used by LibPQFactory.
I propose that LibPQFactory can load the root certs from the classpath as well, basically in a manner similar to how it's done by SingleCertValidatingFactory.
I'm available to raise a PR for it with a proposed implementation.
I'm submitting a feature request
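The classpath loading requested above, sketched with standard JSSE classes only. This is an added example, not pgjdbc code and not the reporter's proposed implementation; the class name `ClasspathRootCerts` and the resource name `root.crt` are assumptions.

```java
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class (not part of pgjdbc).
public final class ClasspathRootCerts {

    /** Builds a socket factory that trusts only the PEM certificates in the named classpath resource. */
    public static SSLSocketFactory fromClasspath(String resource)
            throws java.io.IOException, GeneralSecurityException {
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        if (cl == null) cl = ClasspathRootCerts.class.getClassLoader();
        try (InputStream in = cl.getResourceAsStream(resource)) {
            // Fail closed: a missing resource must not fall back to the JVM default trust store.
            if (in == null) {
                throw new java.io.FileNotFoundException("classpath resource not found: " + resource);
            }
            Collection<? extends Certificate> certs =
                    CertificateFactory.getInstance("X.509").generateCertificates(in);
            if (certs.isEmpty()) {
                throw new GeneralSecurityException("no certificates in " + resource);
            }
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null, null); // empty in-memory store, nothing is written to disk
            int i = 0;
            for (Certificate c : certs) {
                ks.setCertificateEntry("root-" + i++, c);
            }
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            return ctx.getSocketFactory();
        }
    }

    public static void main(String[] args) throws Exception {
        // "root.crt" is an assumed resource name; place a PEM bundle with that name on the classpath.
        String resource = args.length > 0 ? args[0] : "root.crt";
        System.out.println("trust anchors loaded: " + fromClasspath(resource).getClass().getName());
    }
}
```

Because the trust anchors are read from the application's own classpath into an in-memory `KeyStore`, the certificate never has to be staged as a separate file on disk.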