On Mon, Mar 16, 2009 at 1:57 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> OK, here's a patch that tries this. Since we're in beta, I definitely
> want eyes on it before I commit :-)
OK, I've applied eyes - here are my immediate thoughts:
- The verify mode strings look quite long, per my comment on IM.
Perhaps Full, Certificate or None would be better.
- There doesn't seem to be any way to push the verify mode down to the
backup/backupall/backupglobals/restore dialogues, or to the debugger
(which, annoyingly, still has it's own connection class). Do we want
to re-verify in those places, or just set verify=none, as we've
already verified at initial connection? I guess in theory a mitm
attack could start after we initially connect.
- Should verify mode also be exposed in the plugins interface? SSL
mode is, so it would seem logical.
EnterpriseDB UK: http://www.enterprisedb.com
In response to
pgadmin-hackers by date
|Next:||From: Magnus Hagander||Date: 2009-03-16 14:35:05|
|Subject: Re: Support for sslverify|
|Previous:||From: Dave Page||Date: 2009-03-16 14:18:23|
|Subject: Re: Hi, Testeting Beta GQB bug and patch|