Re: pg_hba.conf

From: jseymour(at)linxnet(dot)com (Jim Seymour)
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: pg_hba.conf
Date: 2004-05-26 15:34:32
Message-ID: 20040526153432.114A6430E@jimsun.linxnet.com
Lists: pgsql-admin
Note: Please do NOT Cc: me on replies to the mailing list.  I read the
mailing list.  One copy of your comments is sufficient.  Thank you.

> 
> Thanks Mike!
> 
> Do you know if pgSQL will be supporting higher level of encryption in
> the near future? Most of us here at Ameritrade work from home via VPN.

As I told "mike g": pgsql's encryption has *nothing* to do with your
VPN's encryption.  I'm running a sort of a VPN, using port-
forwarding over OpenSSH.  In fact, from work just now...

From an xterm...
$ ssh -C -c blowfish -2 -L 57001:athome.example.com:5432 athome.example.com

What that command says is to do an SSH login to athome.example.com
and port-forward port 57001 on the local machine to port 5432 on
athome.example.com.  The "-C" says to use data compression on the
session.  The "-c blowfish" says to encrypt the session using the
Blowfish encryption algorithm.

From another xterm...
$ psql -h 127.0.0.1 -p 57001
Password: 
Welcome to psql 7.4.2, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit

jseymour=> 

That is the pgsql server on my machine at home.

Now, in my case, it's simplified in that what pgsql sees coming in is
a connection from its own server (localhost), because the connection
is port-forwarded by SSH, rather than routed over a VPN route.  But
that's just a technicality.  The point I'm trying to make is that
pgsql doesn't care, doesn't even *know*, what the VPN connection
uses for encryption--or even that it *is* encrypted.  (Much less that
my SSH connection travels through an application proxy firewall, 
a NAT'd router, and the Lord knows how many routers and other network
equipment on the way.)

Jim
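
Added example, not part of Jim's message or of PostgreSQL's own code: a simplified Python model of pg_hba.conf first-match rule selection. It shows that the server picks its rule from the source address it sees (its own address for the SSH-forwarded session, the client's address for a routed VPN) and not from how the link was encrypted. The rules, the 10.8.0.0/24 VPN subnet and the client addresses are constructed; only "local" and "host" lines with CIDR addresses are modeled.

```python
import ipaddress

# Constructed pg_hba.conf rules (not from the post); 10.8.0.0/24 is a
# hypothetical VPN client subnet.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  md5
host    all       all   127.0.0.1/32   md5
host    all       all   10.8.0.0/24    md5
host    all       all   0.0.0.0/0      reject
"""

def parse_hba(text):
    """Return (type, database, user, network, method) tuples for local/host lines."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments and blank lines
        if not fields:
            continue
        if fields[0] == "local" and len(fields) >= 4:
            rules.append(("local", fields[1], fields[2], None, fields[3]))
        elif fields[0] == "host" and len(fields) >= 5:
            net = ipaddress.ip_network(fields[3], strict=False)
            rules.append(("host", fields[1], fields[2], net, fields[4]))
    return rules

def match_rule(rules, database, user, client_addr):
    """First matching rule wins; client_addr=None models a Unix-socket connection."""
    addr = ipaddress.ip_address(client_addr) if client_addr else None
    for rtype, rdb, ruser, net, method in rules:
        if (rtype == "local") != (addr is None):
            continue                              # socket type does not match
        if rdb not in ("all", database) or ruser not in ("all", user):
            continue
        if net is None or addr in net:
            return (str(net) if net else "local", method)
    return (None, "reject")                       # no rule matched: refused

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    # SSH-forwarded session: the server-side sshd opens the TCP connection,
    # so the source address is the server's own (assumed 127.0.0.1 here).
    print(match_rule(rules, "jseymour", "jseymour", "127.0.0.1"))
    # VPN-routed session: the client's VPN address reaches the server as-is.
    print(match_rule(rules, "jseymour", "jseymour", "10.8.0.17"))
    # Any other source falls through to the final reject rule.
    print(match_rule(rules, "jseymour", "jseymour", "203.0.113.9"))
```
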
