Re: Force SSL / username combination

From: Gregory Stark <stark(at)enterprisedb(dot)com>
To: "Robert Treat" <xzilla(at)users(dot)sourceforge(dot)net>
Cc: <pgsql-general(at)postgresql(dot)org>, "Koen Vermeer" <koen(at)vermeer(dot)tv>
Subject: Re: Force SSL / username combination
Date: 2007-07-13 09:21:13
Message-ID: 87k5t464mu.fsf@oxford.xeocode.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

"Robert Treat" <xzilla(at)users(dot)sourceforge(dot)net> writes:

> I'm guessing the lack of response is due to a lack of knowledge on the topic.
> Personally I've never quite understood how you'd make use of the sslinfo
> functions to manage connections without something like on commit triggers, so
> I hope you'll consider submitting some documentation once you figure it out.

Well if you do the popular technique of doing everything through stored
procedures (in our case plpgsql functions) then you can have those functions
check. I don't like that approach myself though.

You could also have a column with a default value which uses the sslinfo to
retrieve the common name. Or you could have a trigger which throws an error if
that function doesn't return valid value. Either way you would be doing a lot
more work than necessary since it would be checking every row, not once per
session. And it wouldn't stop selects.

I think what you really want is a ON CONNECT trigger for this.

--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message angga erwina 2007-07-13 10:33:23 how to measure performance slony
Previous Message Gregory Stark 2007-07-13 09:12:57 Re: One Large Table or Multiple DBs?