
Re: SSL Support?

From: "Klemens Seydel" <pierromail(at)gmx(dot)de>
To: "Mitch Vincent" <mitch(at)doot(dot)org>
Cc: <pgsql-odbc(at)postgresql(dot)org>
Subject: Re: SSL Support?
Date: 2002-01-24 03:01:17
Message-ID: 019301c1a483$694a42b0$1764a8c0@potsdam.amsoft.de
Lists: pgsql-odbc
Hi Mitch,

there will be no point in the FAQs concerning the setup of secure
tunnels since it's not *PART* of PostgreSQL but a way of *USING* it.

Setting up an SSL tunnel is really easy:

1. Get Stunnel (www.stunnel.org)
2. Unpack on Client, Unpack on Server
3. Run on Server:
   stunnel-3.20.exe -p <pem-file> -d <sslextport> -r localhost:<dbport>
4. Run on Client:
   stunnel-3.20.exe -c -d <localport> -r <server>:<sslextport>
5. Make your ODBC connection (yes I mean client side) listening
   to localhost:<localport>
6. See it working

Now, if all works and you want to make it bombsafe, change your
database configuration to only accept new connections from the
inside "localhost"/"127.0.0.1" but no other hosts. The only way
the data can still be accessed is from your brand new SSL tunnel
or the server machine itself.

You see it requires at minimum a certificate (i.e. *.pem file) on the
server side (optional on client side), assuming you already have a
working certificate from your root authority. Get a simple (free)
certificate only for testing purposes from www.thawte.com.

They will contact you if you need a personal identity certificate
or a root key so you can be your own root authority, giving out
identity certs to your customers or workers or anybody else.

The scheme is easy to understand:

[Server]   SSL-Port [ ]<---- SSL on TCP/IP ----->[ ] SSL-Port   [Client]
   |                 |                            |                |
   |                 |                            |                |
   |        (stunnel sitting here)       (stunnel sitting here)    |
   |             (trusted)                        |                |
   |                 |                            |                |
  [ ] DB-Port        |                            |       DB-Port [ ]
   |_________________|                            |________________|


That's just a sample config, working locally here on my machine, for a
custom project to be moved to the Internet soon. I only need to change the
hosts in config files from "localhost" to the corresponding server IP
address. I use the newest winxp+mysql and rhlinux/pgsql; the stuff works
fine on both systems (or should I say worlds?).

I hope I shed enough light on it.

Regards from Germany,

Klemens Seydel
AM-Soft - IT-Systeme

          Hameln         Leipzig         Potsdam          Berlin
Tel.:  05151-9468-0   034206-6593-0    0331-743881-0    030-8058693-0
Fax :  05151-9468-88  034206-6593-88   0331-743881-31   030-8058693-88
         email : kseydel(at)am-soft(dot)de       http://www.am-soft.de



----- Original Message -----
From: "Mitch Vincent" <mitch(at)doot(dot)org>
To: <pgsql-odbc(at)postgresql(dot)org>
Sent: Wednesday, January 23, 2002 9:01 PM
Subject: Re: [ODBC] SSL Support?


> Thanks!
>
> I did check out the website and can't seem to find a link to a FAQ (and the
> documentation didn't mention SSL as far as I could find).. Perhaps I'm
> mistaken, sometimes things hide in plain view with me :-)
>
> -Mitch
>
> ----- Original Message -----
> From: "Cedar Cox" <cedarc(at)visionforisrael(dot)com>
> To: "Mitch Vincent" <mitch(at)doot(dot)org>
> Sent: Wednesday, January 23, 2002 1:46 PM
> Subject: Re: [ODBC] SSL Support?
>
>
> >
> > No. (um.. IIRC.  Read the docs/faqs). Use something like ssh tunnels..
> > You should probably visit http://odbc.postgresql.org
> >
> > -Cedar
> >
> > On Wed, 23 Jan 2002, Mitch Vincent wrote:
> >
> > > I'm new to ODBC, and Windows programming (though I've been programming with
> > > PostgreSQL for years, never with ODBC from Windows.)
> > >
> > > Is there any SSL support in the ODBC driver for PostgreSQL ?
> > >
> > > Thanks!
> > >
> > > -Mitch
> > >
> >
> >
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org
>
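
The mail's last hardening step (database reachable only from localhost, with the stunnel port as the sole external listener) can be checked from the server's `netstat -an` or `ss -ltn` output. The following is an added example, not part of the original message and not stunnel or PostgreSQL code; ports 5432 (database) and 5433 (tunnel) and the sample outputs are constructed assumptions.

```python
import ipaddress

def listening_sockets(netstat_text):
    """Yield (host, port) for each listening TCP socket in netstat/ss output."""
    for line in netstat_text.splitlines():
        if "LISTEN" not in line.upper():
            continue
        for token in line.split():
            host, sep, port = token.rpartition(":")
            if sep and port.isdigit():
                # The first addr:port token is the local address in
                # `netstat -an` (Windows/Linux) and `ss -ltn` output.
                yield host.strip("[]").split("%")[0], int(port)
                break

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # "*" or anything unparsable: treat as exposed
        return False

def audit(netstat_text, db_port, tunnel_port):
    """Return a list of findings; an empty list means the layout is as intended."""
    socks = list(listening_sockets(netstat_text))
    db_hosts = [h for h, p in socks if p == db_port]
    findings = [f"DB port {db_port} reachable without the tunnel via {h}"
                for h in db_hosts if not is_loopback(h)]
    if not db_hosts:
        findings.append(f"DB port {db_port} is not listening")
    if not any(p == tunnel_port for _, p in socks):
        findings.append(f"stunnel port {tunnel_port} is not listening")
    return findings

# Constructed sample output (assumed ports: 5432 = database, 5433 = tunnel).
BEFORE = """\
tcp   0   0 0.0.0.0:5432     0.0.0.0:*   LISTEN
tcp   0   0 0.0.0.0:5433     0.0.0.0:*   LISTEN
"""
AFTER = """\
  TCP    127.0.0.1:5432     0.0.0.0:0     LISTENING
  TCP    0.0.0.0:5433       0.0.0.0:0     LISTENING
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(text, db_port=5432, tunnel_port=5433) or "OK")
```

A wildcard bind such as `0.0.0.0` or `[::]` on the database port means clients can still bypass the tunnel and send credentials and data in cleartext.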

















