Skip site navigation (1) Skip section navigation (2)

Documentation improvements for PgJDBC

From: Craig Ringer <craig(at)postnewspapers(dot)com(dot)au>
To: PG-JDBC Mailing List <pgsql-jdbc(at)postgresql(dot)org>
Subject: Documentation improvements for PgJDBC
Date: 2010-05-20 03:49:53
Message-ID: 4BF4B161.2070800@postnewspapers.com.au (view raw or flat)
Thread:
Lists: pgsql-jdbc
Hi folks

It might save people some time and hassle if the PgJDBC docs referenced:

  http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html

where custom SSLSocketFactory implementations are discussed. It's quite
trivial to provide app-specific keystores and cert stores using
runtime-set java properties, to import user-supplied PKCS#12 certs for
client certificate use, etc, but only if you know where to look. The
JavaDoc for the JSSE API is ... lacking ... so references to good
starting points would really help.

It makes me uncomfortable that the only SSLSocketFactory provided by
Pg's JDBC Driver at the moment just disables server certificate
checking. If I get the chance I'll try to supply one that loads a
PKCS#12 client certificate, uses that for authentication, and uses the
certs from that and/or the standard Java cacerts to verify the server's
identity. I had an implementation earlier, but it turned out to
duplicate much of what the Java APIs do (once you know where to look) so
I'll be sending a greatly simplified single-class version for inclusion
in PgJDBC in a while.

In the mean time, adding some docs refs would IMO significantly improve
usability of the PgJDBC SSL features and help reduce the number of
people who just say "stuff it, I'll disable cert validation since that's
easy".

-- 
Craig Ringer

Tech-related writing: http://soapyfrogs.blogspot.com/

Responses

pgsql-jdbc by date

Next:From: LewDate: 2010-05-20 13:34:27
Subject: Re: Documentation improvements for PgJDBC
Previous:From: LewDate: 2010-05-19 15:33:30
Subject: Re: JDBC Driver and timezones

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group