Skip site navigation (1) Skip section navigation (2)

Re: [INTERFACES] Using JDBC and SSL (or any method of security)

From: Peter T Mount <peter(at)taer(dot)maidstone(dot)gov(dot)uk>
To: "Andrew R(dot) Jackson" <ajackson(at)dezines(dot)com>
Cc: pgsql-interfaces(at)hub(dot)org
Subject: Re: [INTERFACES] Using JDBC and SSL (or any method of security)
Date: 1998-07-21 12:32:31
Message-ID: Pine.LNX.3.96.980721133135.2998I-100000@taer.maidstone.gov.uk (view raw or flat)
Thread:
Lists: pgsql-interfaces
[email problems within maidstone.gov.uk has delayed this response -
peter]

On Wed, 15 Jul 1998, Andrew R. Jackson wrote:

> At 06:51 AM 15/07/98 +0100, you wrote:
> >> We want to use JDBC together with a patched PostgreSQL using Brett
> >> McCormick's PostgreSQl-SSL patch.  Is it possible to use encrypted
> >> communication with JDBC using this?  Or kerberos?  Or do you have any
> >> suggestions as to how we can make it secure?
> >
> >Currently there is no way of encrypting the data stream using SSL or
> >Kerberos - yet. The java.security api may help us in the near future.
> 
> The article "JBDC Drivers and Web Security" by Mukul Sood in Dr. Dobb's
> Journal (July 1998) discusses this a bit and some solutions that
> currently exist. A discussion about the use of SSL in JBDC solutions is
> included. In addition, three of the driver venders considered in the
> latter part of the article make use of SSL. 
> 
> As Sood says "any program that makes use of TCP can be modified to use
> SSL connections". Several of the driver venders make use of this by
> providing encryption and authentification services to network
> applications (including Java applets and applications using JDBC) using
> SSL. 
> 
> For a good example of this, read the section in the article on
> WebLogic's Tengah/JBDC, which uses RSA SSL.

When I get time, I'll look at how SSL works with postgresql at the moment,
and see if I can implement it easily. 

>
>The only encoding possible so far is using the crypt authentication
> >system, where the password is sent over the wire encrypted. We can handle
> >this, as we have our own copy of crypt in the driver.
> 
> Peter or somebody, could you point me to an example of how this is used? Thanks.

Simply set the authentication type in pg_hba.conf to crypt. ie:

host all 192.168.4.0 255.255.255.0 crypt

Because the protocol sents the authentication type to the client, the
driver automatically switches to crypt.

--
Peter Mount (at work) peter(at)taer(dot)maidstone(dot)gov(dot)uk or peter(at)maidstone(dot)gov(dot)uk
If you mail me here, please cc my home address peter(at)retep(dot)org(dot)uk



In response to

pgsql-interfaces by date

Next:From: Peter T MountDate: 1998-07-21 12:33:13
Subject: Re: [INTERFACES] "static" libraries?
Previous:From: Peter T MountDate: 1998-07-21 12:31:11
Subject: Re: [INTERFACES] JDBC JAVA interface

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group