| From: | "Donald Fraser" <postgres(at)kiwi-fraser(dot)net> |
|---|---|
| To: | "[JDBC]" <pgsql-jdbc(at)postgresql(dot)org> |
| Subject: | Re: SSL - NonValidatingFactory |
| Date: | 2009-07-24 20:35:59 |
| Message-ID: | 06A1A99816A8447CBC59B1F54CA93286@Demolish2 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
----- Original Message -----
From: Saleem EDAH-TALLY
>OK, that's a clear explanation.
>I don't know if devs on this forum are server devs too. I would suggest
>that irrespective of the presence of a server trusted cert (root.crt) that
>the server be usable by the client, as his any time choice, for
>encryption only and/or server/client authentication. Other RDBMS allow
>that : Oracle, Apache Derby and MySQL.
>Although traffic encryption only raises security concerns, it may be
>helpful in some limited cases.
Can I just say my two cents worth.
I think what you want is server authentication, which is achieved with
server certificates. That is a server.crt and server.key files in the data
directory of the server.
The client can choose, if configured correctly in pg_hba.conf, whether they
want to connect with ssl or not and this is when you might want the
NonValidatingFactory, which I would guess means you don't need the server's
public key certificate in the Java key store to validate against.
Regards
Donald
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John Dunlap | 2009-07-25 15:29:16 | No suitable driver found |
| Previous Message | Saleem EDAH-TALLY | 2009-07-24 20:07:48 | Re: SSL - NonValidatingFactory |