| From: | Kris Jurka <books(at)ejurka(dot)com> |
|---|---|
| To: | Albe Laurenz <all(at)adv(dot)magwien(dot)gv(dot)at> |
| Cc: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: SSL support for javax.sql.DataSource |
| Date: | 2007-07-06 20:51:09 |
| Message-ID: | Pine.BSO.4.64.0707061636360.10158@leary.csoft.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
On Wed, 20 Jun 2007, Albe Laurenz wrote:
> Should I go ahead and write a patch against CVS HEAD, including
> sslfactory? I guess I should write a patch or the documentation too
> then.
Yes, please.
> As you say, that discussion should happen elsewhere, but I believe that
> SSL without certificate validation would be a good default
> because this is the way it is done everywhere else in PostgreSQL.
>
One of the ideas that Oliver had was to make the ssl parameter take a
String value so you could say things like ssl=try or ssl=require or
ssl=none. See the brief code around
org.postgresql.core.v3.ConnectionFactoryImpl#openConnectionImpl. We could
do that and add ssl=validate or ssl=novalidate. That would make it easier
for people to change the validation setting without getting into the
details of sslfactory. I didn't think ssl=try was a real useful setting
so resisted the idea at the time, but now that there are more interesting
options perhaps we should give the idea another look.
Kris Jurka
| From | Date | Subject | |
|---|---|---|---|
| Next Message | baisa, darwin | 2007-07-07 03:30:48 | Re: Connection is closed. Operation is not permitted. ------HELP.... |
| Previous Message | Kris Jurka | 2007-07-06 20:35:33 | Re: a simple example of XA (not working) |