From: | Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> |
---|---|
To: | Yang Zhang <yanghatespam(at)gmail(dot)com> |
Cc: | Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Preventing accidental non-SSL connections in psql? |
Date: | 2011-04-06 23:57:47 |
Message-ID: | BANLkTi=OYJqNzkCbmLCeZRyVxzDj4Vrf1w@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Wed, Apr 6, 2011 at 5:24 PM, Yang Zhang <yanghatespam(at)gmail(dot)com> wrote:
> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com> wrote:
>> On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote:
>>> How do I prevent accidental non-SSL connections (at least to specific
>>> hosts) when connecting via psql? Is there any configuration for this?
>>> Thanks.
>>
>> http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html
>> hostssl
>> http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html
>> sslmode
>
> I'm aware of sslmode and hostssl - the threat model I'm asking about
> is the client getting MITM'd because the user forgets to specify `psql
> sslmode=verify-full`.
As long as you only have hostssl entries for connections the users
can't connect without ssl.
From | Date | Subject | |
---|---|---|---|
Next Message | Yang Zhang | 2011-04-07 00:19:41 | Re: Preventing accidental non-SSL connections in psql? |
Previous Message | Adrian Klaver | 2011-04-06 23:53:56 | Re: Preventing accidental non-SSL connections in psql? |