Re: SSL - NonValidatingFactory

On Fri, 24 Jul 2009, Saleem EDAH-TALLY wrote:

> I don't know if devs on this forum are server devs too. I would suggest
> that irrespective of the presence of a server trusted cert (root.crt)
> that the server be usable by the client, as his any time choice, for
> encryption only and/or server/client authentication. Other RDBMS allow
> that : Oracle, Apache Derby and MySQL. Although traffic encryption only
> raises security concerns, it may be helpful in some limited cases.

That's not going to happen.  A server configured with a root.crt file is
essentially saying, "Clients must present a certificate to be
authenticated."  Allowing a client to bypass that check is a serious
security hole.  You might as well request that the client should be
allowed to decide not to provide a password even if the server requests
it and be able to connect.

Kris Jurka