Re: SSL Problem

On Fri, 16 Jul 2004, [ISO-8859-1] Jos� Carlos Stevenson wrote:

> I've been using JWS to deploy an application that uses postgresql.
> I've configured pg to use MD5 for a minimum of security (user and
> passwd) - how can I deploy an app that uses SSL WITHOUT having to run
> keytool on each machine?
> Can I "show" the certificate (self signed) and ask the user if he/she
> would like to accept it as valied? Is thera a HOWTO anywhere or some
> sample code showing how to do that?

One answer is to use a server key/cert that has been signed by a
certificate authority thats already distributed with the JVM, but that's
going to cost you money.

A number of people have asked to not require a trusted cert to get around
both this problem and something like an applet which has no control.  The
decrease in security has made me hesitant to do this.  A while back Chris
Smith proposed a patch to allow the user to supply their own
SSLSocketFactory.

http://archives.postgresql.org/pgsql-jdbc/2004-02/msg00218.php

I didn't like this at the time, but perhaps we should revisit it.

Kris Jurka