RE: RE: SSL Patch - again :-)

From: Magnus Hagander <mha(at)sollentuna(dot)net>
To: "'Peter Eisentraut'" <peter_e(at)gmx(dot)net>
Cc: PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: RE: RE: SSL Patch - again :-)
Date: 2000-08-23 14:11:33
Message-ID: 215896B6B5E1CF11BC5600805FFEA82103D97C91@sirius.edu.sollentuna.se
Lists: pgsql-hackers

> > I think I wasn't clear enough. :-) It can *already* be specified by any
> > client application as long as you use PQconnectdb(). For example:
> > PQconnectdb("dbname='foo' host='localhost' requiressl=1")
>
> I understand but this setting needs to be made available externally in
> some cases like psql and pg_dump and I was afraid of option letter
> inflation.
I was thinking we could use a "psql variable" in the case of psql, if we
wanted. For example:
psql -h localhost template1 -v "requiressl=1"
or something like that?

Oh, and it's still available by
PGREQUIRE_SSL=1 pgdump <whatever>

> Actually, isn't there a trichotomy here: 1. require SSL, 2. use SSL if
> available, 3. refuse SSL. The server side already handles all cases: 1 -
> "hostssl" in pg_hba.conf, 2 - `postmaster -l', 3 - default. The client
> side should perhaps also have these choices, not sure.
Good point. The reason for the client to not do SSL when both client and
server support it could be performance, I guess.
Perhaps we should replace PGREQUIRE_SSL with "PGSSLMODE", being:
0 - Refuse SSL
1 - Negotiate, Prefer non-SSL
2 - Negotiate, Prefer SSL (default)
3 - Require SSL

Anything else you guys will need on this patch before it's fine? :-) No
rush, but just so I know what to work on...

//Magnus
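
The four client modes proposed above, run against the three server cases from the quoted text, as an added example that is not part of the original message or of the patch. The try-preferred-then-fall-back ordering, the enum names and `negotiate()` are assumptions made for illustration.

```c
#include <stdio.h>

/* Client modes, numbered as in the PGSSLMODE proposal in the message. */
enum client_mode { REFUSE_SSL = 0, PREFER_PLAIN = 1, PREFER_SSL = 2, REQUIRE_SSL = 3 };
/* Server cases from the quoted trichotomy: hostssl, postmaster -l, default. */
enum server_policy { SRV_HOSTSSL, SRV_SSL_ENABLED, SRV_NO_SSL };
enum outcome { CONN_FAILED, CONN_PLAIN, CONN_SSL };

/* Would the server accept this kind of connection attempt? */
static int server_accepts(enum server_policy s, int want_ssl)
{
    if (want_ssl)
        return s != SRV_NO_SSL;   /* SSL needs a server started with SSL */
    return s != SRV_HOSTSSL;      /* a hostssl entry rejects plaintext */
}

/* Assumed client behaviour: try the preferred transport first, then the
 * other one, unless the mode forbids falling back. */
enum outcome negotiate(enum client_mode c, enum server_policy s)
{
    int first_ssl = (c == PREFER_SSL || c == REQUIRE_SSL);
    int may_fall_back = (c == PREFER_PLAIN || c == PREFER_SSL);

    if (server_accepts(s, first_ssl))
        return first_ssl ? CONN_SSL : CONN_PLAIN;
    if (may_fall_back && server_accepts(s, !first_ssl))
        return first_ssl ? CONN_PLAIN : CONN_SSL;
    return CONN_FAILED;
}

int main(void)
{
    static const char *names[] = { "fail", "plain", "SSL" };

    /* Print the full mode x server matrix. */
    printf("mode  hostssl  -l     default\n");
    for (int c = REFUSE_SSL; c <= REQUIRE_SSL; c++)
        printf("%d     %-7s  %-5s  %s\n", c,
               names[negotiate(c, SRV_HOSTSSL)],
               names[negotiate(c, SRV_SSL_ENABLED)],
               names[negotiate(c, SRV_NO_SSL)]);
    return 0;
}
```

In this model only mode 3 never ends in a plaintext connection; modes 1 and 2 both return `CONN_PLAIN` for at least one server case.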
