Re: [INTERFACES] Using JDBC and SSL (or any method of security)

From: Peter T Mount <peter(at)taer(dot)maidstone(dot)gov(dot)uk>
To: "Andrew R(dot) Jackson" <ajackson(at)dezines(dot)com>
Cc: pgsql-interfaces(at)hub(dot)org
Subject: Re: [INTERFACES] Using JDBC and SSL (or any method of security)
Date: 1998-07-21 12:32:31
Message-ID: Pine.LNX.3.96.980721133135.2998I-100000@taer.maidstone.gov.uk
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-interfaces

[email problems within maidstone.gov.uk has delayed this response -
peter]

On Wed, 15 Jul 1998, Andrew R. Jackson wrote:

> At 06:51 AM 15/07/98 +0100, you wrote:
> >> We want to use JDBC together with a patched PostgreSQL using Brett
> >> McCormick's PostgreSQl-SSL patch. Is it possible to use encrypted
> >> communication with JDBC using this? Or kerberos? Or do you have any
> >> suggestions as to how we can make it secure?
> >
> >Currently there is no way of encrypting the data stream using SSL or
> >Kerberos - yet. The java.security api may help us in the near future.
>
> The article "JBDC Drivers and Web Security" by Mukul Sood in Dr. Dobb's
> Journal (July 1998) discusses this a bit and some solutions that
> currently exist. A discussion about the use of SSL in JBDC solutions is
> included. In addition, three of the driver venders considered in the
> latter part of the article make use of SSL.
>
> As Sood says "any program that makes use of TCP can be modified to use
> SSL connections". Several of the driver venders make use of this by
> providing encryption and authentification services to network
> applications (including Java applets and applications using JDBC) using
> SSL.
>
> For a good example of this, read the section in the article on
> WebLogic's Tengah/JBDC, which uses RSA SSL.

When I get time, I'll look at how SSL works with postgresql at the moment,
and see if I can implement it easily.

>
>The only encoding possible so far is using the crypt authentication
> >system, where the password is sent over the wire encrypted. We can handle
> >this, as we have our own copy of crypt in the driver.
>
> Peter or somebody, could you point me to an example of how this is used? Thanks.

Simply set the authentication type in pg_hba.conf to crypt. ie:

host all 192.168.4.0 255.255.255.0 crypt

Because the protocol sents the authentication type to the client, the
driver automatically switches to crypt.

--
Peter Mount (at work) peter(at)taer(dot)maidstone(dot)gov(dot)uk or peter(at)maidstone(dot)gov(dot)uk
If you mail me here, please cc my home address peter(at)retep(dot)org(dot)uk

In response to

Browse pgsql-interfaces by date

  From Date Subject
Next Message Peter T Mount 1998-07-21 12:33:13 Re: [INTERFACES] "static" libraries?
Previous Message Peter T Mount 1998-07-21 12:31:11 Re: [INTERFACES] JDBC JAVA interface