| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SSL over Unix-domain sockets |
| Date: | 2008-01-05 17:39:08 |
| Message-ID: | 6866.1199554748@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Here is a patch that implements "localssl" as well. It is quite simple.
The other area that would need some thought before we could consider
this "done" is the behavior of libpq's sslmode parameter. With the
patch as given, an SSL-capable libpq will *default* to using SSL over
sockets, which might be thought overkill; it is almost certainly
going to result in a performance penalty. Is this a reasonable default
behavior? Should sslmode be extended to allow specification of
different behaviors for sockets vs. TCP?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Markus Schiltknecht | 2008-01-05 19:02:41 | Re: Dynamic Partitioning using Segment Visibility Maps |
| Previous Message | Robert Treat | 2008-01-05 16:59:46 | Re: Dynamic Partitioning using Segment Visibility Maps |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Mielke | 2008-01-05 19:14:53 | Re: SSL over Unix-domain sockets |
| Previous Message | Peter Eisentraut | 2008-01-05 13:13:46 | Re: SSL over Unix-domain sockets |