| From: | Gregory Stark <stark(at)enterprisedb(dot)com> |
|---|---|
| To: | "Robert Treat" <xzilla(at)users(dot)sourceforge(dot)net> |
| Cc: | <pgsql-general(at)postgresql(dot)org>, "Koen Vermeer" <koen(at)vermeer(dot)tv> |
| Subject: | Re: Force SSL / username combination |
| Date: | 2007-07-13 09:21:13 |
| Message-ID: | 87k5t464mu.fsf@oxford.xeocode.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"Robert Treat" <xzilla(at)users(dot)sourceforge(dot)net> writes:
> I'm guessing the lack of response is due to a lack of knowledge on the topic.
> Personally I've never quite understood how you'd make use of the sslinfo
> functions to manage connections without something like on commit triggers, so
> I hope you'll consider submitting some documentation once you figure it out.
Well if you do the popular technique of doing everything through stored
procedures (in our case plpgsql functions) then you can have those functions
check. I don't like that approach myself though.
You could also have a column with a default value which uses the sslinfo to
retrieve the common name. Or you could have a trigger which throws an error if
that function doesn't return valid value. Either way you would be doing a lot
more work than necessary since it would be checking every row, not once per
session. And it wouldn't stop selects.
I think what you really want is a ON CONNECT trigger for this.
--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | angga erwina | 2007-07-13 10:33:23 | how to measure performance slony |
| Previous Message | Gregory Stark | 2007-07-13 09:12:57 | Re: One Large Table or Multiple DBs? |