There will be no point in the FAQs concerning the setup of secure
tunnels since it's not *PART* of PostgreSQL but a way of *USING* it.
Setting up an SSL tunnel is really easy:
1. Get Stunnel (www.stunnel.org)
2. Unpack on Client, Unpack on Server
3. Run on Server:
     stunnel-3.20.exe -p <pem-file> -d <sslextport> -r localhost:<dbport>
4. Run on Client:
     stunnel-3.20.exe -c -d <localport> -r <server>:<sslextport>
5. Make your ODBC connection (yes I mean client side) listening
6. See it working
Now, if all works and you want to make it bombproof, change your
database configuration to only accept new connections from the
inside ("localhost"/"127.0.0.1") and from no other hosts. The only way
the data can still be accessed is through your brand new SSL tunnel
or from the server machine itself.
You see it requires at minimum a certificate (i.e. a *.pem file) on the
server side (optional on the client side), suggesting you already got a
working certificate from your root authority. Get a simple (free)
certificate only for testing purposes from www.thawte.com.
They will contact you if you need a personal identity certificate
or a root key so you can be your own root authority, giving out
identity certs to your customers or workers or anybody else.
The scheme is easy to understand:

[Server] SSL-Port [ ]<----- SSL on TCP/IP ----->[ ] SSL-Port [Client]
   |               |                             |              |
   |               |                             |              |
   |    (stunnel sitting here)        (stunnel sitting here)    |
   |           (trusted)                         |              |
   |               |                             |              |
  [ ] DB-Port      |                             |    DB-Port  [ ]

That's just a sample config, working locally here on my machine, for a
custom project to be moved to the internet soon. I only need to change the
hosts in the config files from "localhost" to the corresponding server IP
address. I use the newest WinXP+MySQL and RH Linux/pgsql; the stuff works
fine on both systems (or better, should I say worlds?).
I hope I have shed enough light on it.
Regards from Germany,
AM-Soft - IT-Systeme
Hameln Leipzig Potsdam Berlin
Tel.: 05151-9468-0 034206-6593-0 0331-743881-0 030-8058693-0
Fax : 05151-9468-88 034206-6593-88 0331-743881-31 030-8058693-88
email : kseydel(at)am-soft(dot)de http://www.am-soft.de
----- Original Message -----
From: "Mitch Vincent" <mitch(at)doot(dot)org>
Sent: Wednesday, January 23, 2002 9:01 PM
Subject: Re: [ODBC] SSL Support?
> I did check out the website and can't seem to find a link to a FAQ (and
> documentation didn't mention SSL as far as I could find).. Perhaps I'm
> mistaken, sometimes things hide in plain view with me :-)
> ----- Original Message -----
> From: "Cedar Cox" <cedarc(at)visionforisrael(dot)com>
> To: "Mitch Vincent" <mitch(at)doot(dot)org>
> Sent: Wednesday, January 23, 2002 1:46 PM
> Subject: Re: [ODBC] SSL Support?
> > No. (um.. IIRC. Read the docs/faqs). Use something like ssh tunnels..
> > You should probably visit http://odbc.postgresql.org
> > -Cedar
> > On Wed, 23 Jan 2002, Mitch Vincent wrote:
> > > I'm new to ODBC, and Windows programming (though I've been programming
> > > PostgreSQL for years, never with ODBC from Windows.)
> > >
> > > Is there any SSL support in the ODBC driver for PostgreSQL ?
> > >
> > > Thanks!
> > >
> > > -Mitch
> > >
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
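
Added example, not part of the original thread: the "only accept connections from localhost" step of the reply above can be checked on a PostgreSQL server by scanning pg_hba.conf for rules that still admit non-loopback clients. It assumes the current pg_hba.conf column layout; SAMPLE_HBA, loopback_only and exposed_rules are names made up for this illustration.

```python
import ipaddress

# Constructed sample in the current pg_hba.conf layout (an assumption; not from the thread).
SAMPLE_HBA = """\
# TYPE   DATABASE  USER  ADDRESS                    METHOD
local    all       all                              peer
host     all       all   127.0.0.1/32               scram-sha-256
host     all       all   ::1/128                    scram-sha-256
host     all       all   127.0.0.1 255.255.255.255  md5
host     appdb     app   192.168.1.0/24             md5
hostssl  all       all   0.0.0.0/0                  scram-sha-256
host     all       all   10.0.0.0/8                 reject
host     all       all   db.example.com             md5
"""

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def loopback_only(address, mask=None):
    """True only if every address the rule can match is a loopback address."""
    if address == "localhost":  # assumes localhost resolves to loopback
        return True
    try:
        net = ipaddress.ip_network(f"{address}/{mask}" if mask else address, strict=False)
    except ValueError:
        return False  # other hostnames, "all", "samenet", ...: treat as exposed
    loop = "127.0.0.0/8" if net.version == 4 else "::1/128"
    return net.subnet_of(ipaddress.ip_network(loop))

def exposed_rules(hba_text):
    """Return (line number, rule) for each rule that admits non-loopback clients."""
    findings = []
    for lineno, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue  # comments, blank lines and Unix-socket ("local") rules
        has_mask = len(fields) > 5 and _is_ip(fields[4])  # "address mask" form
        method = fields[5] if has_mask else fields[4]
        mask = fields[4] if has_mask else None
        if method != "reject" and not loopback_only(fields[3], mask):
            findings.append((lineno, " ".join(fields)))
    return findings
```

On the sample, exposed_rules(SAMPLE_HBA) reports lines 6, 7 and 9. The listener address (listen_addresses in postgresql.conf on current releases) needs the same loopback-only setting, since pg_hba.conf only decides who may authenticate.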