Re: Preventing accidental non-SSL connections in psql?
| От | Adrian Klaver |
|---|---|
| Тема | Re: Preventing accidental non-SSL connections in psql? |
| Дата | |
| Msg-id | 201104061653.56845.adrian.klaver@gmail.com обсуждение исходный текст |
| Ответ на | Re: Preventing accidental non-SSL connections in psql? (Yang Zhang <yanghatespam@gmail.com>) |
| Ответы |
Re: Preventing accidental non-SSL connections in psql?
|
| Список | pgsql-general |
On Wednesday, April 06, 2011 4:24:30 pm Yang Zhang wrote:
> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.klaver@gmail.com> wrote:
> > On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote:
> >> How do I prevent accidental non-SSL connections (at least to specific
> >> hosts) when connecting via psql? Is there any configuration for this?
> >> Thanks.
> >
> > http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html
> > hostssl
> > http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html
> > sslmode
>
> I'm aware of sslmode and hostssl - the threat model I'm asking about
> is the client getting MITM'd because the user forgets to specify `psql
> sslmode=verify-full`.
http://www.postgresql.org/docs/9.0/interactive/ssl-tcp.html
17.8.1. Using client certificates
--
Adrian Klaver
adrian.klaver@gmail.com
В списке pgsql-general по дате отправления: