Skip site navigation (1) Skip section navigation (2)

Re: SSL over Unix-domain sockets

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: SSL over Unix-domain sockets
Date: 2008-01-04 17:35:02
Message-ID: 200801041835.03195.peter_e@gmx.net (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Am Freitag, 4. Januar 2008 schrieb Bruce Momjian:
> Peter Eisentraut wrote:
> > Using the attached patch, SSL will act over Unix-domain sockets.  AFAICT,
> > this just works.  I didn't find a way to sniff a Unix-domain socket,
> > however.
> >
> > How should we proceed with this?
>
> I am confused by the shortness of this patch.  Right now pg_hba.conf
> has:
>
> 	# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
> 	# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
> 	# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
>
> These are all for TCP connections.  How do we handle 'local' SSL
> connection specification?  Do we want to provide similar functionality
> for local connections?

Yes, we might want to add that as well.  That and some documentation updates 
would probably cover everything.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

In response to

Responses

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2008-01-04 17:37:37
Subject: Re: SSL over Unix-domain sockets
Previous:From: Bruce MomjianDate: 2008-01-04 17:18:34
Subject: Re: SSL over Unix-domain sockets

pgsql-patches by date

Next:From: Bruce MomjianDate: 2008-01-04 17:37:37
Subject: Re: SSL over Unix-domain sockets
Previous:From: Bruce MomjianDate: 2008-01-04 17:18:34
Subject: Re: SSL over Unix-domain sockets

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group