| From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
|---|---|
| To: | Lesley Kimmel <lesley(dot)j(dot)kimmel(at)gmail(dot)com> |
| Cc: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: PosgreSQL Security Architecture |
| Date: | 2016-02-16 19:15:42 |
| Message-ID: | CAMkU=1zsELD9D6GDoCWdXGx-ykTePkYX1Jh7YF3JsErgpMEhEQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Feb 12, 2016 at 5:20 AM, Lesley Kimmel
<lesley(dot)j(dot)kimmel(at)gmail(dot)com> wrote:
> Thanks for the reply Laurenz. Of course the first thing that I thought of to
> prevent man-in-the-middle was SSL. However, I also like to try to address
> the issue in a way that seems to get at what they are intending. It seemed
> to me that they wanted to do some configuration within the database related
> to session IDs.
As far as server configuration, you can configure your server to only
accept ssl connections in pg_hba.conf. You should also configure your
clients to do sslmode=verify-full on the ssl certificate sent to them
by the server (which is not the default).
Cheers,
Jeff
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Crawford | 2016-02-16 21:26:28 | Transactions, stats and analyze (oh-my) |
| Previous Message | jaime soler | 2016-02-16 18:35:00 | Re: ORA2PG HP-UX11i23 Itanium |