New Open Source Project
Sergey Kuznetsov
tlug-9a/WvBvX2Qpg9hUCZPvPmw at public.gmane.org
Fri Jan 7 20:52:09 UTC 2005
Fraser Campbell wrote:
>On Friday 07 January 2005 10:50, Sergey Kuznetsov wrote:
>
>
>
>>By the way, I just adore the SSL-feature of PG. It allows me to connect
>>to PG from any place thru Internet and not afraid if someone will intercept
>>my data.
>>
>>
>
>I can see the application of SSL in a LAN/DMZ environment but I hate the
>thought of exposing another daemon to the Internet ... if the IPs allowed
>access are limited by firewall rules then I'd feel better about it.
>
>
>
SSL is integrated into PG itself. It listens on the main PG port. It
recognizes SSL or non-SSL
connection, based on pg_hba.conf record entry.
Here is the example:
hostssl dbname1 user1 10.0.0.1 255.255.255.255 trust
host dbname2 user1 10.0.0.1 255.255.255.255 trust
(I know that trust is quite insecure, but this is example =)
it this example you can connect to securely to dbname1 as user1, and
without SSL to dbname2 at the same computer.
>>All my Perl-scripts connects only thru SSL-enabled connection.
>>I don't know if any other DB allows that.
>>
>>
>
>mysql does for sure, whether as well as pg I have no idea.
>
>
>
It possible to do with any DB via stunnel trick.
All the Best!
Sergey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20050107/e2baebdf/attachment.html>
More information about the Legacy
mailing list