Re: php, postgres, ssl

There are a couple of things you can do to establish a secure connection
between a remote postgres server and any other server.

One is using SSH tunnels:
http://www.postgresql.org/users-lounge/docs/7.0/admin/security1530.htm

Another is to establish your connection with "requiressl=true" as part of
the options strings under libpq -- which, since PHP uses libpq, I belive
should work under PHP as pg_Connect("host=server dbname=db user=me
password=pass requiressl=true") (and if it doesn't work, it should be able
to be added easily).

I haven't actually done either of these, but I also don't see any reason
why these wouldn't work :)

Michael Fork - CCNA - MCP - A+
Network Support - Toledo Internet Access - Toledo Ohio

On Wed, 21 Mar 2001, Martin A. Marques wrote:

> El Mi 21 Mar 2001 18:33, Adam Lang escribi:
> > Correct, all it does is connect straight to the database. It doesn't have
> > anything to involve encryption... it doesn't care. So, you'll probably
> > need to secure the path yourself, ie IPSEC.
> >
> > Someone else may have a better idea, but this is all I can think of.
> > Typically though, you shouldn't have PHP connect to a database over a
> > connection that is insecure/public.
> >
> > Any reason this is a concern?
>
> Well, I thought about this, because I was trying to build something like it.
> A web server, and a database server, seperated! So I thought, if Postgres
> accepts hostssl connections (if compiled with ssl support), why doesn't PHP
> use this powerfull feature?
> Would it be difficult to build a pg_connectssl function in PHP that would do
> this?
>
> Saludos... :-)
>
> --
> System Administration: It's a dirty job,
> but someone told me I had to do it.
> -----------------------------------------------------------------
> Martn Marqus email: martin(at)math(dot)unl(dot)edu(dot)ar
> Santa Fe - Argentina http://math.unl.edu.ar/~martin/
> Administrador de sistemas en math.unl.edu.ar
> -----------------------------------------------------------------
>