Search Postgresql Archives

Re: Preventing accidental non-SSL connections in psql?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wednesday, April 06, 2011 5:21:23 pm Yang Zhang wrote:

> On Wed, Apr 6, 2011 at 4:57 PM, Scott Marlowe <scott.marlowe@xxxxxxxxx> wrote:

> > On Wed, Apr 6, 2011 at 5:24 PM, Yang Zhang <yanghatespam@xxxxxxxxx> wrote:

> >> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.klaver@xxxxxxxxx> wrote:

> >>> On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote:

> >>>> How do I prevent accidental non-SSL connections (at least to specific

> >>>> hosts) when connecting via psql? Is there any configuration for this?

> >>>> Thanks.

> >>>

> >>> http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html

> >>> hostssl

> >>> http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html

> >>> sslmode

> >>

> >> I'm aware of sslmode and hostssl - the threat model I'm asking about

> >> is the client getting MITM'd because the user forgets to specify `psql

> >> sslmode=verify-full`.

> >

> > As long as you only have hostssl entries for connections the users

> > can't connect without ssl.

>

> hostssl is a server-side policy; I'm interested in setting up my

> client with mandatory server authentication.

http://www.postgresql.org/docs/9.0/interactive/libpq-envars.html

PGSSLMODE behaves the same as the sslmode connection parameter.

Now you have both ends and the middle:)

--

Adrian Klaver

adrian.klaver@xxxxxxxxx


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux