Re: Preventing accidental non-SSL connections in psql?

From: Yang Zhang <yanghatespam(at)gmail(dot)com>
To: Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Preventing accidental non-SSL connections in psql?
Date: 2011-04-06 23:24:30
Message-ID: BANLkTinQz-eFU0LyzpfG5MsKFdDiBrVS+g@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com> wrote:
> On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote:
>> How do I prevent accidental non-SSL connections (at least to specific
>> hosts) when connecting via psql? Is there any configuration for this?
>> Thanks.
>
> http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html
> hostssl
> http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html
> sslmode

I'm aware of sslmode and hostssl - the threat model I'm asking about
is the client getting MITM'd because the user forgets to specify `psql
sslmode=verify-full`.

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Adrian Klaver 2011-04-06 23:53:56 Re: Preventing accidental non-SSL connections in psql?
Previous Message Adrian Klaver 2011-04-06 23:22:25 Re: Preventing accidental non-SSL connections in psql?