| From: | Jorge Godoy <jgodoy(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Postgresql and SSL |
| Date: | 2007-09-21 00:20:06 |
| Message-ID: | 200709202120.07364.jgodoy@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thursday 20 September 2007 11:41:00 Tom Lane wrote:
> "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> writes:
> > Jorge Godoy wrote:
> >> Even though one can require connections using only SSL on the
> >> server side, I don't see a method (in pg_hba.conf) that
> >> would allow clients with SSL certificates.
> >
> > Nor do I.
>
> If you mean *require* clients to have certificates, that's not
> determined by pg_hba.conf, it's determined by whether you provide
> a root.crt file. See
> http://www.postgresql.org/docs/8.2/static/ssl-tcp.html
Thank you! Complemented with
http://www.postgresql.org/docs/8.2/static/libpq-ssl.html this is exactly
what we were guessing the OP asked for...
I'll have to dig if the libraries I use support that. It would be much more
interesting changing certificates once a year than hardcoding passwords on
code...
--
Jorge Godoy <jgodoy(at)gmail(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jerry Sievers | 2007-09-21 01:50:44 | Re: Adding domain type with CHECK constraints slow on large table |
| Previous Message | Merlin Moncure | 2007-09-20 22:38:41 | Re: Migration from PervasiveSQL |