| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Mark Mielke <mark(at)mark(dot)mielke(dot)cc>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SSL over Unix-domain sockets |
| Date: | 2008-01-15 09:25:21 |
| Message-ID: | 20080115092521.GF627@svr2.hagander.net |
| Lists: | pgsql-hackers pgsql-patches |
On Tue, Jan 15, 2008 at 10:10:37AM +0100, Peter Eisentraut wrote:
> On Monday, 14 January 2008, Tom Lane wrote:
> > If we do want to apply Peter's patch, I think it needs to be extended so
> > that the default behavior on sockets is the same as before, ie, no SSL.
> > This could be done by giving libpq an additional connection parameter,
> > say "socketsslmode", having the same alternatives as sslmode but
> > defaulting to "allow" instead of "prefer".
>
> I suggest we don't do anything for 8.3, and return to investigate the full
> range of options for 8.4. Those might include adding SSL support for local
> sockets but disabled by default, using SO_PEERCRED to check the server
> identity, and more fine-grained control over (multiple?) local socket
> placement.
+1
//Magnus