| From: | Kris Jurka <books(at)ejurka(dot)com> |
|---|---|
| To: | José Carlos Stevenson <postgresql(at)windfinder(dot)com(dot)br> |
| Cc: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: SSL Problem |
| Date: | 2004-07-16 17:34:32 |
| Message-ID: | Pine.BSO.4.56.0407161224440.22335@leary.csoft.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
On Fri, 16 Jul 2004, [ISO-8859-1] Jos Carlos Stevenson wrote:
> I've been using JWS to deploy an application that uses postgresql.
> I've configured pg to use MD5 for a minimum of security (user and
> passwd) - how can I deploy an app that uses SSL WITHOUT having to run
> keytool on each machine?
> Can I "show" the certificate (self signed) and ask the user if he/she
> would like to accept it as valied? Is thera a HOWTO anywhere or some
> sample code showing how to do that?
One answer is to use a server key/cert that has been signed by a
certificate authority thats already distributed with the JVM, but that's
going to cost you money.
A number of people have asked to not require a trusted cert to get around
both this problem and something like an applet which has no control. The
decrease in security has made me hesitant to do this. A while back Chris
Smith proposed a patch to allow the user to supply their own
SSLSocketFactory.
http://archives.postgresql.org/pgsql-jdbc/2004-02/msg00218.php
I didn't like this at the time, but perhaps we should revisit it.
Kris Jurka
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oliver Jowett | 2004-07-17 03:55:47 | patch: fix hopelessly broken decodeUTF8() method |
| Previous Message | José Carlos Stevenson | 2004-07-16 15:10:16 | Re: SSL Problem |