Re: pg_hba.conf

Note: Please do NOT Cc: me on replies to the mailing list. I read the
mailing list. One copy of your comments is sufficient. Thank you.

>
> Thanks Mike!
>
> Do you know if pgSQL will be supporting higher level of encryption in
> the near future? Most of us here at Ameritrade work from home via VPN.=20

As I told "mike g": pgsql's encryption has *nothing* to do with your
VPN's encryption. I'm running a sort of a VPN, using port-
forwarding over OpenSSH. In fact, from work just now...

From an xterm...
$ ssh -C -c blowfish -2 -L 57001:athome.example.com:5432 athome.example.com

What that command says is to do an SSH login to athome.example.com
and port-forward port 57001 on the local machine to port 5432 on
athome.example.com. The "-C" says to use data compression on the
session. The "-c blowfish" says to encrypt the session using the
Blowfish encryption algorithm.

From another xterm...
$ psql -h 127.0.0.1 -p 57001
Password:
Welcome to psql 7.4.2, the PostgreSQL interactive terminal.

Type: \copyright for distribution terms
\h for help with SQL commands
\? for help on internal slash commands
\g or terminate with semicolon to execute query
\q to quit

jseymour=>

That is the pgsql server on my machine at home.

Now, in my case, it's simplified in that what pgsql sees coming in is
a connection from its own server (localhost), because the connection
is port-forwarded by SSH, rather than routed over a VPN route. But
that's just a technicality. The point I'm trying to make is that
pgsql doesn't care, doesn't even *know*, what the VPN connection
uses for encryption--or even that it *is* encrypted. (Much-less that
my SSH connection travels through an application proxy firewall,
a NAT'd router, and the Lord knows how many routers and other network
equipment on the way.)

Jim