Re: pg_hba.conf

Note: Please do NOT Cc: me on replies to the mailing list.  I read the
mailing list.  One copy of your comments is sufficient.  Thank you.

>
> Thanks Mike!
>
> Do you know if pgSQL will be supporting higher level of encryption in
> the near future? Most of us here at Ameritrade work from home via VPN.=20

As I told "mike g": pgsql's encryption has *nothing* to do with your
VPN's encryption.  I'm running a sort of a VPN, using port-
forwarding over OpenSSH.  In fact, from work just now...

From an xterm...
$ ssh -C -c blowfish -2 -L 57001:athome.example.com:5432 athome.example.com

What that command says is to do an SSH login to athome.example.com
and port-forward port 57001 on the local machine to port 5432 on
athome.example.com.  The "-C" says to use data compression on the
session.  The "-c blowfish" says to encrypt the session using the
Blowfish encryption algorithm.

From another xterm...
$ psql -h 127.0.0.1 -p 57001
Password:
Welcome to psql 7.4.2, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit

jseymour=>

That is the pgsql server on my machine at home.

Now, in my case, it's simplified in that what pgsql sees coming in is
a connection from its own server (localhost), because the connection
is port-forwarded by SSH, rather than routed over a VPN route.  But
that's just a technicality.  The point I'm trying to make is that
pgsql doesn't care, doesn't even *know*, what the VPN connection
uses for encryption--or even that it *is* encrypted.  (Much-less that
my SSH connection travels through an application proxy firewall,
a NAT'd router, and the Lord knows how many routers and other network
equipment on the way.)

Jim