Re: ssl connections to postgresql

From: "James B(dot) Byrne" <byrnejb(at)harte-lyne(dot)ca>
To: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: ssl connections to postgresql
Date: 2007-07-26 13:26:01
Message-ID: 37612.216.185.71.30.1185456361.squirrel@webmail.harte-lyne.ca
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general


On Tue, July 24, 2007 18:29, Joshua D. Drake wrote:

>
> just enforce hostssl in your pg_hba.conf and nothing else. If you can
> connect, you are good :)
>
> Joshua D. Drake

Thanks, I will probably end up doing this.

What I am really looking for is an audit trail for all DBM host
connections to show the security compliance team that the network links
are in fact secured. I call it a confidence check setting because that is
really what it is, a statement in the logs to engender confidence in
people who have limited knowledge of the detailed workings of the server
process (which includes me at the moment).

What is the process to make a suggestion to the pg maintainers to add a
configurable logging option like this?

Is there a way to use a key larger than 256 bits and is there any reason
why this would not be useful in practice? Our standard key sizes here
seem to by either 1024 or 2048.

Regards,

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB(at)Harte-Lyne(dot)ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Tom Lane 2007-07-26 14:04:19 Re: a few questions (and doubts) about xid
Previous Message James B. Byrne 2007-07-26 13:19:01 Re: ssl connections to postgresql