Re: looking for a secure

Mitch Vincent wrote:

> I think you've got most of your problem solved -- at least in theory.
>
> The answer to your questions of SSL and IPs is yes, and yes - check the
> manual for details..

Yeah, I know that it's straightforward to compile the SSL into the server,
but the question on the SSL is more of how likely is it that we are going to
be able to roll our own SSL communications from our lightweight C client
running on a hodgepodge of AIX and SCO machines.  I'm not the author of the C
program, so I really can't speak with authority, but I imagine it's not
trivial.  I also have seen some of the Pg folks (Momjian for one, maybe
Lane) post with some skepticism about the state of the SSL support, but I
don't recall the details at the moment.

> 10,000 clients eh'. I hope you have some beefy hardware :-)

It's 10,000 clients, but talking to us only once every 15 minutes to an hour,
and at very known intervals so we can kind of control the flow.  I was just
wondering how well Pg would manage that many user accounts.  But yes, should
we need to beef up the hardware, we do at least have the ability to do that
quite liberally.

Thanks for the input thus far!  I wish Perl was an option, I think I might
have been able to leverage its DBI::ProxyServer to isolate the physical db
from the internet a bit more.  Ah well, c'est la vie.

-Fran