| From: | "James B(dot) Byrne" <byrnejb(at)harte-lyne(dot)ca> |
|---|---|
| To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: ssl connections to postgresql |
| Date: | 2007-07-26 13:26:01 |
| Message-ID: | 37612.216.185.71.30.1185456361.squirrel@webmail.harte-lyne.ca |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tue, July 24, 2007 18:29, Joshua D. Drake wrote:
>
> just enforce hostssl in your pg_hba.conf and nothing else. If you can
> connect, you are good :)
>
> Joshua D. Drake
Thanks, I will probably end up doing this.
What I am really looking for is an audit trail for all DBM host
connections to show the security compliance team that the network links
are in fact secured. I call it a confidence check setting because that is
really what it is, a statement in the logs to engender confidence in
people who have limited knowledge of the detailed workings of the server
process (which includes me at the moment).
What is the process to make a suggestion to the pg maintainers to add a
configurable logging option like this?
Is there a way to use a key larger than 256 bits and is there any reason
why this would not be useful in practice? Our standard key sizes here
seem to by either 1024 or 2048.
Regards,
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB(at)Harte-Lyne(dot)ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-07-26 14:04:19 | Re: a few questions (and doubts) about xid |
| Previous Message | James B. Byrne | 2007-07-26 13:19:01 | Re: ssl connections to postgresql |