Skip site navigation (1) Skip section navigation (2)

Re: Support for sslverify

From: Dave Page <dpage(at)pgadmin(dot)org>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: Support for sslverify
Date: 2009-03-16 14:37:37
Message-ID: 937d27e10903160737m145c2e50sb0b83acbf87a9828@mail.gmail.com (view raw or flat)
Thread:
Lists: pgadmin-hackers
On Mon, Mar 16, 2009 at 2:35 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> Dave Page wrote:
>> On Mon, Mar 16, 2009 at 1:57 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>>
>>> OK, here's a patch that tries this. Since we're in beta, I definitely
>>> want eyes on it before I commit :-)
>>
>> OK, I've applied eyes - here are my immediate thoughts:
>>
>> - The verify mode strings look quite long, per my comment on IM.
>> Perhaps Full, Certificate or None would be better.
>
> I considered that, but I think that would be rather confusing the way
> the dialog is done. Then we'd need a separate header for it, no?
>
> FWIW, they fit fine in the dropdown on my Ubuntu box...
>
> The way it is now, only the "verification" part will slip outside the
> dialog box it they're too long, so I don't think it's too bad?

Meh, it was just a thought.

>
>> - There doesn't seem to be any way to push the verify mode down to the
>> backup/backupall/backupglobals/restore dialogues, or to the debugger
>> (which, annoyingly, still has it's own connection class). Do we want
>> to re-verify in those places, or just set verify=none, as we've
>> already verified at initial connection? I guess in theory a mitm
>> attack could start after we initially connect.
>
> Ick. I'll need to look into that. We must absolutely verify every
> connection, anything else is very stupid.
>
>
>> - Should verify mode also be exposed in the plugins interface? SSL
>> mode is, so it would seem logical.
>
> Yes, if it is, it should be. I think I need to go over my grepping a bit
> more carefully to see if there are more places.

:-)



-- 
Dave Page
EnterpriseDB UK:   http://www.enterprisedb.com

In response to

Responses

pgadmin-hackers by date

Next:From: Guillaume LelargeDate: 2009-03-16 18:02:45
Subject: Re: FTS Parser dialogue
Previous:From: Magnus HaganderDate: 2009-03-16 14:35:05
Subject: Re: Support for sslverify

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group