From: Kris Jurka <books(at)ejurka(dot)com>
To: Saleem EDAH-TALLY <nmset(at)netcourrier(dot)com>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: SSL - NonValidatingFactory
Date: 2009-07-24 19:41:27
Message-ID: alpine.BSO.2.00.0907241538390.29498@leary.csoft.net
Lists: pgsql-jdbc

On Fri, 24 Jul 2009, Saleem EDAH-TALLY wrote:
> I don't know if devs on this forum are server devs too. I would suggest
> that irrespective of the presence of a server trusted cert (root.crt)
> that the server be usable by the client, as his any time choice, for
> encryption only and/or server/client authentication. Other RDBMS allow
> that: Oracle, Apache Derby and MySQL. Although traffic encryption only
> raises security concerns, it may be helpful in some limited cases.
That's not going to happen. A server configured with a root.crt file is
essentially saying, "Clients must present a certificate to be
authenticated." Allowing a client to bypass that check is a serious
security hole. You might as well request that the client should be
allowed to decide not to provide a password even if the server requests
it and be able to connect.

Kris Jurka