On Tue, July 24, 2007 18:29, Joshua D. Drake wrote: > > just enforce hostssl in your pg_hba.conf and nothing else. If you can > connect, you are good :) > > Joshua D. Drake Thanks, I will probably end up doing this. What I am really looking for is an audit trail for all DBM host connections to show the security compliance team that the network links are in fact secured. I call it a confidence check setting because that is really what it is, a statement in the logs to engender confidence in people who have limited knowledge of the detailed workings of the server process (which includes me at the moment). What is the process to make a suggestion to the pg maintainers to add a configurable logging option like this? Is there a way to use a key larger than 256 bits and is there any reason why this would not be useful in practice? Our standard key sizes here seem to by either 1024 or 2048. Regards, -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@xxxxxxxxxxxxx Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend
