On Wed, Apr 6, 2011 at 4:53 PM, Adrian Klaver <adrian.klaver@xxxxxxxxx> wrote: > On Wednesday, April 06, 2011 4:24:30 pm Yang Zhang wrote: > >> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.klaver@xxxxxxxxx> >> wrote: > >> > On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote: > >> >> How do I prevent accidental non-SSL connections (at least to specific > >> >> hosts) when connecting via psql? Is there any configuration for this? > >> >> Thanks. > >> > > >> > http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html > >> > hostssl > >> > http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html > >> > sslmode > >> > >> I'm aware of sslmode and hostssl - the threat model I'm asking about > >> is the client getting MITM'd because the user forgets to specify `psql > >> sslmode=verify-full`. > > http://www.postgresql.org/docs/9.0/interactive/ssl-tcp.html > > 17.8.1. Using client certificates Client certs are only for client authentication; I'm interested in mandatory server authentication. -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
