On Fri, Apr 22, 2005 at 04:38:29PM -0400, ruel.cima wrote: > > im handling some important information that needs to be stored in my > postgresql database via a php script. i've been reading the mails sent on > this mailing list on SSL use. my postgresql server allows SSL connections > but im not sure how to make use of this.id like to know more about ssl and > how to take advantage of its security features. any references? The documentation index has a few entries for "SSL". Here are some useful links for 8.0: http://www.postgresql.org/docs/8.0/interactive/ssl-tcp.html http://www.postgresql.org/docs/8.0/interactive/libpq.html#LIBPQ-CONNECT http://www.postgresql.org/docs/8.0/interactive/client-authentication.html#AUTH-PG-HBA-CONF > from my php script, do i need to make a special connection to the database > or is the same e.g pg_connect(host= localhost dbname=test user=p > password=p)? You could add "sslmode=require" to attempt only an SSL connection. If the connection should always be encrypted, then you could edit the server's pg_hba.conf and allow only "hostssl" connections. In that case you shouldn't need to specify "sslmode=require" when you connect, although doing so serves as a safety measure against pg_hba.conf misconfiguration, and as a reminder that the connection should be encrypted. > is my information automatically transfered in an encrypted fashion? Yes, assuming you've successfully negotiated an SSL connection. To be sure, you could use a sniffer like tcpdump or ethereal to look at the traffic. -- Michael Fuhr http://www.fuhr.org/~mfuhr/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
