Search Postgresql Archives

Re: On "multi-master"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Oct 15, 2005 at 06:04:54PM -0700, Chris Travers wrote:
> Out of curiosity, what is wrong with requiring client SSL certs to 
> access the system and only issuing them to the PGPool system (or using a 
> different CA if you need to issue client certs to the end users)?  This 

Hmm, I like this, although client SSL certs still didn't work with
JDBC last I checked, so it won't solve all the problems.  But you're
right, this would mostly solve the problem I was thinking of,
provided it was described correctly to the (mostly-clueless)
technology rule-producers.

> place (though deliberate circumvention is always an issue when both 
> sides are open source and the DBA has access to all systems-- after all, 

Open source has nothing to do with it, of course.  Malicious attack
by technical staff is something virtually no technology can guarantee
against.  The best you can usually get is adequate logging (and
probably log monitoring) -- and we already provide that.

A

-- 
Andrew Sullivan  | ajs@xxxxxxxxxxxxxxx
The plural of anecdote is not data.
		--Roger Brinner

---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux