From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
---|---|
To: | Lesley Kimmel <lesley(dot)j(dot)kimmel(at)gmail(dot)com> |
Cc: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: PosgreSQL Security Architecture |
Date: | 2016-02-16 19:15:42 |
Message-ID: | CAMkU=1zsELD9D6GDoCWdXGx-ykTePkYX1Jh7YF3JsErgpMEhEQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Fri, Feb 12, 2016 at 5:20 AM, Lesley Kimmel
<lesley(dot)j(dot)kimmel(at)gmail(dot)com> wrote:
> Thanks for the reply Laurenz. Of course the first thing that I thought of to
> prevent man-in-the-middle was SSL. However, I also like to try to address
> the issue in a way that seems to get at what they are intending. It seemed
> to me that they wanted to do some configuration within the database related
> to session IDs.
As far as server configuration, you can configure your server to only
accept ssl connections in pg_hba.conf. You should also configure your
clients to do sslmode=verify-full on the ssl certificate sent to them
by the server (which is not the default).
Cheers,
Jeff
From | Date | Subject | |
---|---|---|---|
Next Message | Steve Crawford | 2016-02-16 21:26:28 | Transactions, stats and analyze (oh-my) |
Previous Message | jaime soler | 2016-02-16 18:35:00 | Re: ORA2PG HP-UX11i23 Itanium |