From: | "Donald Fraser" <postgres(at)kiwi-fraser(dot)net> |
---|---|
To: | "[JDBC]" <pgsql-jdbc(at)postgresql(dot)org> |
Subject: | Re: SSL - NonValidatingFactory |
Date: | 2009-07-24 20:35:59 |
Message-ID: | 06A1A99816A8447CBC59B1F54CA93286@Demolish2 |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
----- Original Message -----
From: Saleem EDAH-TALLY
>OK, that's a clear explanation.
>I don't know if devs on this forum are server devs too. I would suggest
>that irrespective of the presence of a server trusted cert (root.crt) that
>the server be usable by the client, as his any time choice, for
>encryption only and/or server/client authentication. Other RDBMS allow
>that : Oracle, Apache Derby and MySQL.
>Although traffic encryption only raises security concerns, it may be
>helpful in some limited cases.
Can I just say my two cents worth.
I think what you want is server authentication, which is achieved with
server certificates. That is a server.crt and server.key files in the data
directory of the server.
The client can choose, if configured correctly in pg_hba.conf, whether they
want to connect with ssl or not and this is when you might want the
NonValidatingFactory, which I would guess means you don't need the server's
public key certificate in the Java key store to validate against.
Regards
Donald
From | Date | Subject | |
---|---|---|---|
Next Message | John Dunlap | 2009-07-25 15:29:16 | No suitable driver found |
Previous Message | Saleem EDAH-TALLY | 2009-07-24 20:07:48 | Re: SSL - NonValidatingFactory |