Re: SSL Support
| От | dom@happygiraffe.net (Dominic Mitchell) |
|---|---|
| Тема | Re: SSL Support |
| Дата | |
| Msg-id | 20040921093717.GB75507@ppe.happygiraffe.net обсуждение исходный текст |
| Ответ на | Re: SSL Support (Kaare Rasmussen <kar@kakidata.dk>) |
| Список | pgsql-hackers |
On Tue, Sep 21, 2004 at 10:44:22AM +0200, Kaare Rasmussen wrote: > > I think verification of the server certificates is not supported either. > > SSL only serves for encryption, not authentication or integrity checking > > (which is probably a stupid idea). > > I have this feeling that SSL in PostgreSQL isn't category 1 supported if you > can put it that way. Maybe I'm wrong? > > Another way to ensure encrypted (and authenticated, I believe) connections is > to use stunnel with PostgreSQL. > > I'm not sure which solution is the best. SSL in PostgreSQL is integrated. > Stunnel has the advantage of being more generic. having tried none, I don't > know about performance. stunnel is a possible solution, but it'll make it difficult to determine remote connections, as you'll only ever see 127.0.0.1 in your logs. As I said in my other reply, the code to do most of this is already there, it's just #ifdef'd out. -Dom
В списке pgsql-hackers по дате отправления: