Re: [INTERFACES] Using JDBC and SSL (or any method of security)
| От | Peter T Mount |
|---|---|
| Тема | Re: [INTERFACES] Using JDBC and SSL (or any method of security) |
| Дата | |
| Msg-id | Pine.LNX.3.96.980721133135.2998I-100000@taer.maidstone.gov.uk обсуждение исходный текст |
| Ответ на | Re: [INTERFACES] Using JDBC and SSL (or any method of security) ("Andrew R. Jackson" <ajackson@dezines.com>) |
| Список | pgsql-interfaces |
[email problems within maidstone.gov.uk has delayed this response - peter] On Wed, 15 Jul 1998, Andrew R. Jackson wrote: > At 06:51 AM 15/07/98 +0100, you wrote: > >> We want to use JDBC together with a patched PostgreSQL using Brett > >> McCormick's PostgreSQl-SSL patch. Is it possible to use encrypted > >> communication with JDBC using this? Or kerberos? Or do you have any > >> suggestions as to how we can make it secure? > > > >Currently there is no way of encrypting the data stream using SSL or > >Kerberos - yet. The java.security api may help us in the near future. > > The article "JBDC Drivers and Web Security" by Mukul Sood in Dr. Dobb's > Journal (July 1998) discusses this a bit and some solutions that > currently exist. A discussion about the use of SSL in JBDC solutions is > included. In addition, three of the driver venders considered in the > latter part of the article make use of SSL. > > As Sood says "any program that makes use of TCP can be modified to use > SSL connections". Several of the driver venders make use of this by > providing encryption and authentification services to network > applications (including Java applets and applications using JDBC) using > SSL. > > For a good example of this, read the section in the article on > WebLogic's Tengah/JBDC, which uses RSA SSL. When I get time, I'll look at how SSL works with postgresql at the moment, and see if I can implement it easily. > >The only encoding possible so far is using the crypt authentication > >system, where the password is sent over the wire encrypted. We can handle > >this, as we have our own copy of crypt in the driver. > > Peter or somebody, could you point me to an example of how this is used? Thanks. Simply set the authentication type in pg_hba.conf to crypt. ie: host all 192.168.4.0 255.255.255.0 crypt Because the protocol sents the authentication type to the client, the driver automatically switches to crypt. -- Peter Mount (at work) peter@taer.maidstone.gov.uk or peter@maidstone.gov.uk If you mail me here, please cc my home address peter@retep.org.uk
В списке pgsql-interfaces по дате отправления: