Skip site navigation (1) Skip section navigation (2)

Re: SSL over Unix-domain sockets

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: SSL over Unix-domain sockets
Date: 2008-01-05 17:39:08
Message-ID: 6866.1199554748@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches 
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Here is a patch that implements "localssl" as well.  It is quite simple.  

The other area that would need some thought before we could consider
this "done" is the behavior of libpq's sslmode parameter.  With the
patch as given, an SSL-capable libpq will *default* to using SSL over
sockets, which might be thought overkill; it is almost certainly
going to result in a performance penalty.  Is this a reasonable default
behavior?  Should sslmode be extended to allow specification of
different behaviors for sockets vs. TCP?

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Markus SchiltknechtDate: 2008-01-05 19:02:41
Subject: Re: Dynamic Partitioning using Segment Visibility Maps
Previous:From: Robert TreatDate: 2008-01-05 16:59:46
Subject: Re: Dynamic Partitioning using Segment Visibility Maps

pgsql-patches by date

Next:From: Mark MielkeDate: 2008-01-05 19:14:53
Subject: Re: SSL over Unix-domain sockets
Previous:From: Peter EisentrautDate: 2008-01-05 13:13:46
Subject: Re: SSL over Unix-domain sockets

Privacy Policy | About PostgreSQL
Copyright © 1996-2013 The PostgreSQL Global Development Group