Skip site navigation (1) Skip section navigation (2)

Re: Support for sslverify

From: Dave Page <dpage(at)pgadmin(dot)org>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: Support for sslverify
Date: 2009-03-16 14:30:36
Message-ID: 937d27e10903160730s56118f4es104118b76f3e72cd@mail.gmail.com (view raw or flat)
Thread:
Lists: pgadmin-hackers
On Mon, Mar 16, 2009 at 1:57 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:

> OK, here's a patch that tries this. Since we're in beta, I definitely
> want eyes on it before I commit :-)

OK, I've applied eyes - here are my immediate thoughts:

- The verify mode strings look quite long, per my comment on IM.
Perhaps Full, Certificate or None would be better.

- There doesn't seem to be any way to push the verify mode down to the
backup/backupall/backupglobals/restore dialogues, or to the debugger
(which, annoyingly, still has it's own connection class). Do we want
to re-verify in those places, or just set verify=none, as we've
already verified at initial connection? I guess in theory a mitm
attack could start after we initially connect.

- Should verify mode also be exposed in the plugins interface? SSL
mode is, so it would seem logical.

-- 
Dave Page
EnterpriseDB UK:   http://www.enterprisedb.com

In response to

Responses

pgadmin-hackers by date

Next:From: Magnus HaganderDate: 2009-03-16 14:35:05
Subject: Re: Support for sslverify
Previous:From: Dave PageDate: 2009-03-16 14:18:23
Subject: Re: Hi, Testeting Beta GQB bug and patch

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group