| From: | "Albe Laurenz" <all(at)adv(dot)magwien(dot)gv(dot)at> |
|---|---|
| To: | "Kris Jurka *EXTERN*" <books(at)ejurka(dot)com> |
| Cc: | <pgsql-jdbc(at)postgresql(dot)org> |
| Subject: | Re: SSL support for javax.sql.DataSource |
| Date: | 2007-06-20 12:01:11 |
| Message-ID: | AFCCBB403D7E7A4581E48F20AF3E5DB20375C3C4@EXADV1.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
Kris Jurka wrote:
>> Wouldn't it be a good thing to have SSL support for DataSource
>> connections?
>>
>> It shouldn't be too hard; attached is a patch (against 8.3dev-600)
>> that shows what I mean. It is probably unclean to hard code the
>> NonValidatingFactory...
>
> Especially since it changes the default behavior of the driver to not
> validate. If you'd like to change the default, that discussion should
> happen elsewhere and should affect all the connection
> methods. Why not
> just export the sslfactory option to the DataSource as well?
Sure, that would be easy.
I wanted to know if this was welcome at all, so I started with a simple
patch to explain my idea.
Should I go ahead and write a patch against CVS HEAD, including
sslfactory?
I guess I should write a patch or the documentation too then.
As you say, that discussion should happen elsewhere, but I believe that
SSL without certificate validation would be a good default
because this is the way it is done everywhere else in PostgreSQL.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mario Splivalo | 2007-06-20 12:44:32 | Log files cluttered with jdbc3/4 for pg8.2 |
| Previous Message | Tom Lane | 2007-06-19 17:19:34 | Re: Literal vs parameterized 'timestamp with time zone' value |