Re: Preventing accidental non-SSL connections in psql?

On Wednesday, April 06, 2011 5:21:23 pm Yang Zhang wrote:
> On Wed, Apr 6, 2011 at 4:57 PM, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> wrote:
> > On Wed, Apr 6, 2011 at 5:24 PM, Yang Zhang <yanghatespam(at)gmail(dot)com> wrote:
> >> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>
wrote:
> >>> On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote:
> >>>> How do I prevent accidental non-SSL connections (at least to specific
> >>>> hosts) when connecting via psql? Is there any configuration for this?
> >>>> Thanks.
> >>>
> >>> http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html
> >>> hostssl
> >>> http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html
> >>> sslmode
> >>
> >> I'm aware of sslmode and hostssl - the threat model I'm asking about
> >> is the client getting MITM'd because the user forgets to specify `psql
> >> sslmode=verify-full`.
> >
> > As long as you only have hostssl entries for connections the users
> > can't connect without ssl.
>
> hostssl is a server-side policy; I'm interested in setting up my
> client with mandatory server authentication.

http://www.postgresql.org/docs/9.0/interactive/libpq-envars.html
PGSSLMODE behaves the same as the sslmode connection parameter.

Now you have both ends and the middle:)
--
Adrian Klaver
adrian(dot)klaver(at)gmail(dot)com