Skip site navigation (1) Skip section navigation (2)

Re: [INTERFACES] Using JDBC and SSL (or any method of security)

From: Peter T Mount <peter(at)taer(dot)maidstone(dot)gov(dot)uk>
To: "Andrew R(dot) Jackson" <ajackson(at)dezines(dot)com>
Cc: pgsql-interfaces(at)hub(dot)org
Subject: Re: [INTERFACES] Using JDBC and SSL (or any method of security)
Date: 1998-07-21 12:32:31
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-interfaces
[email problems within has delayed this response -

On Wed, 15 Jul 1998, Andrew R. Jackson wrote:

> At 06:51 AM 15/07/98 +0100, you wrote:
> >> We want to use JDBC together with a patched PostgreSQL using Brett
> >> McCormick's PostgreSQl-SSL patch.  Is it possible to use encrypted
> >> communication with JDBC using this?  Or kerberos?  Or do you have any
> >> suggestions as to how we can make it secure?
> >
> >Currently there is no way of encrypting the data stream using SSL or
> >Kerberos - yet. The api may help us in the near future.
> The article "JBDC Drivers and Web Security" by Mukul Sood in Dr. Dobb's
> Journal (July 1998) discusses this a bit and some solutions that
> currently exist. A discussion about the use of SSL in JBDC solutions is
> included. In addition, three of the driver venders considered in the
> latter part of the article make use of SSL. 
> As Sood says "any program that makes use of TCP can be modified to use
> SSL connections". Several of the driver venders make use of this by
> providing encryption and authentification services to network
> applications (including Java applets and applications using JDBC) using
> SSL. 
> For a good example of this, read the section in the article on
> WebLogic's Tengah/JBDC, which uses RSA SSL.

When I get time, I'll look at how SSL works with postgresql at the moment,
and see if I can implement it easily. 

>The only encoding possible so far is using the crypt authentication
> >system, where the password is sent over the wire encrypted. We can handle
> >this, as we have our own copy of crypt in the driver.
> Peter or somebody, could you point me to an example of how this is used? Thanks.

Simply set the authentication type in pg_hba.conf to crypt. ie:

host all crypt

Because the protocol sents the authentication type to the client, the
driver automatically switches to crypt.

Peter Mount (at work) peter(at)taer(dot)maidstone(dot)gov(dot)uk or peter(at)maidstone(dot)gov(dot)uk
If you mail me here, please cc my home address peter(at)retep(dot)org(dot)uk

In response to

pgsql-interfaces by date

Next:From: Peter T MountDate: 1998-07-21 12:33:13
Subject: Re: [INTERFACES] "static" libraries?
Previous:From: Peter T MountDate: 1998-07-21 12:31:11
Subject: Re: [INTERFACES] JDBC JAVA interface

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group