Re: SSL Support

From: dom(at)happygiraffe(dot)net (Dominic Mitchell)
To: Kaare Rasmussen <kar(at)kakidata(dot)dk>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: SSL Support
Date: 2004-09-21 09:37:17
Message-ID: 20040921093717.GB75507@ppe.happygiraffe.net
Lists: pgsql-hackers

On Tue, Sep 21, 2004 at 10:44:22AM +0200, Kaare Rasmussen wrote:
> > I think verification of the server certificates is not supported either.
> > SSL only serves for encryption, not authentication or integrity checking
> > (which is probably a stupid idea).
>
> I have this feeling that SSL in PostgreSQL isn't category 1 supported if you
> can put it that way. Maybe I'm wrong?
>
> Another way to ensure encrypted (and authenticated, I believe) connections is
> to use stunnel with PostgreSQL.
>
> I'm not sure which solution is the best. SSL in PostgreSQL is integrated.
> Stunnel has the advantage of being more generic. Having tried none, I don't
> know about performance.

stunnel is a possible solution, but it'll make it difficult to determine
remote connections, as you'll only ever see 127.0.0.1 in your logs.

As I said in my other reply, the code to do most of this is already
there, it's just #ifdef'd out.

-Dom
