| From: | Dave Page <dpage(at)pgadmin(dot)org> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
| Subject: | Re: Support for sslverify |
| Date: | 2009-03-16 14:30:36 |
| Message-ID: | 937d27e10903160730s56118f4es104118b76f3e72cd@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
On Mon, Mar 16, 2009 at 1:57 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> OK, here's a patch that tries this. Since we're in beta, I definitely
> want eyes on it before I commit :-)
OK, I've applied eyes - here are my immediate thoughts:
- The verify mode strings look quite long, per my comment on IM.
Perhaps Full, Certificate or None would be better.
- There doesn't seem to be any way to push the verify mode down to the
backup/backupall/backupglobals/restore dialogues, or to the debugger
(which, annoyingly, still has it's own connection class). Do we want
to re-verify in those places, or just set verify=none, as we've
already verified at initial connection? I guess in theory a mitm
attack could start after we initially connect.
- Should verify mode also be exposed in the plugins interface? SSL
mode is, so it would seem logical.
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2009-03-16 14:35:05 | Re: Support for sslverify |
| Previous Message | Dave Page | 2009-03-16 14:18:23 | Re: Hi, Testeting Beta GQB bug and patch |