| From: | "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | josh(at)agliodbs(dot)com, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Fwd: [PATCHES] Preliminary GSSAPI Patches |
| Date: | 2007-05-02 15:53:08 |
| Message-ID: | 264E5D3E-DA5F-412E-AE83-4382D89CD41C@jpl.nasa.gov |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On May 2, 2007, at 3:11 AM, Magnus Hagander wrote:
>> As to the question of GSSAPI vs SSL, I would never argue we don't
>> want both.
>>
>> Part of what made the GSSAPI encryption mods difficult was my intent
>> to insert them "above" the SSL encryption/buffering layer. That way
>> you could double-encrypt the channel. Since GSSAPI and SSL are
>> (probably, not necessarily) referenced to completely different ID
>> infrastructure there are scenarios where that's beneficial.
>
> We might want to consider restructuring how SSL works when we do, that
> might make it easier. The way it is now with #ifdefs all around can
> lead to
> a horrible mess if there are too many different things to choose from.
> Something like "transport filters" or whatever might be a way to do
> it. I
> recall having looked at that at some point, but it was too long ago to
> remember any details..
>
> //Magnus
If someone wants to make it easier, that would be nice, I'm not up
for it, I don't think.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry(dot)B(dot)Hotz(at)jpl(dot)nasa(dot)gov, or hbhotz(at)oxy(dot)edu
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Akmal Akmalhojaev | 2007-05-02 15:57:47 | Creating new system catalog problems. |
| Previous Message | Scott Marlowe | 2007-05-02 15:52:52 | Re: reindexdb hangs |