| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Mark Mielke <mark(at)mark(dot)mielke(dot)cc>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SSL over Unix-domain sockets |
| Date: | 2008-01-15 09:10:37 |
| Message-ID: | 200801151010.38306.peter_e@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Am Montag, 14. Januar 2008 schrieb Tom Lane:
> If we do want to apply Peter's patch, I think it needs to be extended so
> that the default behavior on sockets is the same as before, ie, no SSL.
> This could be done by giving libpq an additional connection parameter,
> say "socketsslmode", having the same alternatives as sslmode but
> defaulting to "allow" instead of "prefer".
I suggest we don't do anything for 8.3, and return to investigate the full
range of options for 8.4. Those might include adding SSL support for local
sockets but disabled by default, using SO_PEERCRED to check the server
identity, and more fine-grained control over (multiple?) local socket
placement.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2008-01-15 09:25:21 | Re: SSL over Unix-domain sockets |
| Previous Message | Markus Schiltknecht | 2008-01-15 08:42:56 | Re: Declarative partitioning grammar |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2008-01-15 09:25:21 | Re: SSL over Unix-domain sockets |
| Previous Message | Tom Lane | 2008-01-15 04:35:30 | Re: SSL over Unix-domain sockets |