Re: SSL - NonValidatingFactory

From: "Donald Fraser" <postgres(at)kiwi-fraser(dot)net>
To: "[JDBC]" <pgsql-jdbc(at)postgresql(dot)org>
Subject: Re: SSL - NonValidatingFactory
Date: 2009-07-24 20:35:59
Message-ID: 06A1A99816A8447CBC59B1F54CA93286@Demolish2
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-jdbc

----- Original Message -----
From: Saleem EDAH-TALLY

>OK, that's a clear explanation.

>I don't know if devs on this forum are server devs too. I would suggest
>that irrespective of the presence of a server trusted cert (root.crt) that
>the server be usable by the client, as his any time choice, for
>encryption only and/or server/client authentication. Other RDBMS allow
>that : Oracle, Apache Derby and MySQL.
>Although traffic encryption only raises security concerns, it may be
>helpful in some limited cases.

Can I just say my two cents worth.
I think what you want is server authentication, which is achieved with
server certificates. That is a server.crt and server.key files in the data
directory of the server.
The client can choose, if configured correctly in pg_hba.conf, whether they
want to connect with ssl or not and this is when you might want the
NonValidatingFactory, which I would guess means you don't need the server's
public key certificate in the Java key store to validate against.

Regards
Donald

In response to

Browse pgsql-jdbc by date

  From Date Subject
Next Message John Dunlap 2009-07-25 15:29:16 No suitable driver found
Previous Message Saleem EDAH-TALLY 2009-07-24 20:07:48 Re: SSL - NonValidatingFactory