Skip site navigation (1) Skip section navigation (2)

Re: Support for sslverify

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: Support for sslverify
Date: 2009-03-16 14:35:05
Message-ID: 49BE6399.2030201@hagander.net (view raw or flat)
Thread:
Lists: pgadmin-hackers
Dave Page wrote:
> On Mon, Mar 16, 2009 at 1:57 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> 
>> OK, here's a patch that tries this. Since we're in beta, I definitely
>> want eyes on it before I commit :-)
> 
> OK, I've applied eyes - here are my immediate thoughts:
> 
> - The verify mode strings look quite long, per my comment on IM.
> Perhaps Full, Certificate or None would be better.

I considered that, but I think that would be rather confusing the way
the dialog is done. Then we'd need a separate header for it, no?

FWIW, they fit fine in the dropdown on my Ubuntu box...

The way it is now, only the "verification" part will slip outside the
dialog box it they're too long, so I don't think it's too bad?



> - There doesn't seem to be any way to push the verify mode down to the
> backup/backupall/backupglobals/restore dialogues, or to the debugger
> (which, annoyingly, still has it's own connection class). Do we want
> to re-verify in those places, or just set verify=none, as we've
> already verified at initial connection? I guess in theory a mitm
> attack could start after we initially connect.

Ick. I'll need to look into that. We must absolutely verify every
connection, anything else is very stupid.


> - Should verify mode also be exposed in the plugins interface? SSL
> mode is, so it would seem logical.

Yes, if it is, it should be. I think I need to go over my grepping a bit
more carefully to see if there are more places.

//Magnus


In response to

Responses

pgadmin-hackers by date

Next:From: Dave PageDate: 2009-03-16 14:37:37
Subject: Re: Support for sslverify
Previous:From: Dave PageDate: 2009-03-16 14:30:36
Subject: Re: Support for sslverify

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group