On Sat, Oct 15, 2005 at 06:04:54PM -0700, Chris Travers wrote: > Out of curiosity, what is wrong with requiring client SSL certs to > access the system and only issuing them to the PGPool system (or using a > different CA if you need to issue client certs to the end users)? This Hmm, I like this, although client SSL certs still didn't work with JDBC last I checked, so it won't solve all the problems. But you're right, this would mostly solve the problem I was thinking of, provided it was described correctly to the (mostly-clueless) technology rule-producers. > place (though deliberate circumvention is always an issue when both > sides are open source and the DBA has access to all systems-- after all, Open source has nothing to do with it, of course. Malicious attack by technical staff is something virtually no technology can guarantee against. The best you can usually get is adequate logging (and probably log monitoring) -- and we already provide that. A -- Andrew Sullivan | ajs@xxxxxxxxxxxxxxx The plural of anecdote is not data. --Roger Brinner ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings