Re: SSL use

On Fri, Apr 22, 2005 at 04:38:29PM -0400, ruel.cima wrote:
>
> im handling some important information that needs to be stored in my
> postgresql database via a php script. i've been reading the mails sent on
> this mailing list on SSL use. my postgresql server allows SSL connections
> but im not sure how to make use of this.id like to know more about ssl and
> how to take advantage of its security features. any references?

The documentation index has a few entries for "SSL". Here are some
useful links for 8.0:

http://www.postgresql.org/docs/8.0/interactive/ssl-tcp.html
http://www.postgresql.org/docs/8.0/interactive/libpq.html#LIBPQ-CONNECT
http://www.postgresql.org/docs/8.0/interactive/client-authentication.html#AUTH-PG-HBA-CONF

> from my php script, do i need to make a special connection to the database
> or is the same e.g pg_connect(host= localhost dbname=test user=p
> password=p)?

You could add "sslmode=require" to attempt only an SSL connection.

If the connection should always be encrypted, then you could edit
the server's pg_hba.conf and allow only "hostssl" connections. In
that case you shouldn't need to specify "sslmode=require" when you
connect, although doing so serves as a safety measure against
pg_hba.conf misconfiguration, and as a reminder that the connection
should be encrypted.

> is my information automatically transfered in an encrypted fashion?

Yes, assuming you've successfully negotiated an SSL connection. To
be sure, you could use a sniffer like tcpdump or ethereal to look
at the traffic.

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/