Re: Force SSL / username combination

On Thursday 12 July 2007 10:44, Koen Vermeer wrote:
> On Mon, 2007-07-09 at 09:05 +0200, Koen Vermeer wrote:
> > I want to set up a database server that is connected to the Internet.
> > Therefore, I want my users to use SSL/TLS certificates. I provide these
> > certificates to the users, so I can control the information that is in
> > there. Now, I know that I can set up PostgreSQL to use SSL/TLS, but I am
> > unable to find a way to map a SSL/TLS certificate to a specific user.
> > Is there a way to set this up? If so, how?
> > Thanks for any pointers!
>
> Despite the somewhat less than overwhelming number of replies, I think I
> found a way around this. Just in case someone else may be looking for
> this:
>
> In contrib, there is something called 'sslinfo', which provides details
> of the X509 certificate that was used by the client for the session.
> Based on that, I can validate whether a username indeed matches the
> certificate, or make sure a user can only get data matching some field
> in the table to a field of the certificate, which probably is all I
> need.
>

I'm guessing the lack of response is due to a lack of knowledge on the topic.
Personally I've never quite understood how you'd make use of the sslinfo
functions to manage connections without something like on commit triggers, so
I hope you'll consider submitting some documentation once you figure it out.

--
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL