Re: HowTo SSL probaply with ODBC ?

From: "Albe Laurenz" <all(at)adv(dot)magwien(dot)gv(dot)at>
To: "Andreas *EXTERN*" <maps(dot)on(at)gmx(dot)net>, <pgsql-odbc(at)postgresql(dot)org>, <pgsql-general(at)postgresql(dot)org>
Subject: Re: HowTo SSL probaply with ODBC ?
Date: 2007-05-18 07:26:09
Message-ID: AFCCBB403D7E7A4581E48F20AF3E5DB202BDC5FC@EXADV1.host.magwien.gv.at
Lists: pgsql-general pgsql-odbc

Andreas wrote:
> is there a documentation on how to secure a connection with SSL?
> That is an option of the ODBC driver, isn't it?
>
> The motivation is that I need to rent a remote server for PG.
> Their admin proposes to open port 5432 on the outside of their firewall
> but he has no idea how to secure the access besides PG's user/password.
> I couldn't even restrict the accessing IPs within PG because they will
> be dynamic.

The ODBC driver uses libpq.dll to establish the connection, and
libpq.dll can use SSL encryption, so you should have no problem.

You must enable SSL on the server (your provider, that is), by setting
'ssl = on' in postgresql.conf. There must be a server.key and server.crt
file in the PostgreSQL server data directory containing the private key
and the public certificate of the server.

Moreover, this only makes sense if you enforce it.
In pg_hba.conf on the server, add two lines like this:

hostssl all all 0.0.0.0/0 md5
host all all 0.0.0.0/0 reject

Then only SSL connections will be accepted.

This way you can also restrict connections to be only allowed from
your subnet - just change the IP address and netmask in the 'hostssl'
line to match your subnet.

Yours,
Laurenz Albe
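
Added example, not part of the original message and not PostgreSQL's own code: a simplified model of how the server picks the first matching pg_hba.conf record, showing why the two lines above leave SSL as the only way in. The client addresses, database name and user name are constructed, and only the CIDR address form with "all" or a literal name is handled.

```python
import ipaddress

# The two pg_hba.conf records from the message above.
PG_HBA = """\
hostssl all all 0.0.0.0/0 md5
host all all 0.0.0.0/0 reject
"""

def parse_hba(text):
    """Parse TYPE DATABASE USER ADDRESS METHOD records for TCP (host*) types."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank lines, comments, and Unix-socket 'local' records
        conn_type, database, user, address, method = fields[:5]
        rules.append((conn_type, database, user,
                      ipaddress.ip_network(address), method))
    return rules

def decide(rules, client_ip, uses_ssl, database="appdb", user="app"):
    """Return the method of the first matching record.

    The server denies access when nothing matches; this model returns
    'reject' for that case as well.
    """
    ip = ipaddress.ip_address(client_ip)
    for conn_type, db, usr, network, method in rules:
        if conn_type == "hostssl" and not uses_ssl:
            continue  # hostssl matches only SSL-encrypted connections
        if conn_type == "hostnossl" and uses_ssl:
            continue  # hostnossl matches only unencrypted connections
        if db not in ("all", database) or usr not in ("all", user):
            continue
        if ip in network:
            return method  # first match wins; later records are ignored
    return "reject"

if __name__ == "__main__":
    rules = parse_hba(PG_HBA)
    # Constructed client address from a documentation range.
    for ssl in (True, False):
        print("ssl" if ssl else "plain", "->", decide(rules, "203.0.113.7", ssl))
    # Narrowing only the hostssl line, as the message suggests for a subnet:
    narrowed = parse_hba(PG_HBA.replace("0.0.0.0/0 md5", "192.0.2.0/24 md5"))
    print("ssl, outside subnet ->", decide(narrowed, "203.0.113.7", True))
```

Reversing the order of the two records would make the "host ... reject" line match every TCP connection first, SSL or not, so the order shown in the message matters.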
