On Mon, Mar 16, 2009 at 2:35 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> Dave Page wrote:
>> On Mon, Mar 16, 2009 at 1:57 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>>> OK, here's a patch that tries this. Since we're in beta, I definitely
>>> want eyes on it before I commit :-)
>> OK, I've applied eyes - here are my immediate thoughts:
>> - The verify mode strings look quite long, per my comment on IM.
>> Perhaps Full, Certificate or None would be better.
> I considered that, but I think that would be rather confusing the way
> the dialog is done. Then we'd need a separate header for it, no?
> FWIW, they fit fine in the dropdown on my Ubuntu box...
> The way it is now, only the "verification" part will slip outside the
> dialog box it they're too long, so I don't think it's too bad?
Meh, it was just a thought.
>> - There doesn't seem to be any way to push the verify mode down to the
>> backup/backupall/backupglobals/restore dialogues, or to the debugger
>> (which, annoyingly, still has it's own connection class). Do we want
>> to re-verify in those places, or just set verify=none, as we've
>> already verified at initial connection? I guess in theory a mitm
>> attack could start after we initially connect.
> Ick. I'll need to look into that. We must absolutely verify every
> connection, anything else is very stupid.
>> - Should verify mode also be exposed in the plugins interface? SSL
>> mode is, so it would seem logical.
> Yes, if it is, it should be. I think I need to go over my grepping a bit
> more carefully to see if there are more places.
EnterpriseDB UK: http://www.enterprisedb.com
In response to
pgadmin-hackers by date
|Next:||From: Guillaume Lelarge||Date: 2009-03-16 18:02:45|
|Subject: Re: FTS Parser dialogue|
|Previous:||From: Magnus Hagander||Date: 2009-03-16 14:35:05|
|Subject: Re: Support for sslverify|