New Open Source Project

Sergey Kuznetsov tlug-9a/WvBvX2Qpg9hUCZPvPmw at public.gmane.org
Fri Jan 7 20:52:09 UTC 2005


Fraser Campbell wrote:

>On Friday 07 January 2005 10:50, Sergey Kuznetsov wrote:
>
>  
>
>>By the way, I just adore the SSL-feature of PG. It allows me to connect
>>to PG from any place thru Internet and not afraid if someone will intercept
>>my data. 
>>    
>>
>
>I can see the application of SSL in a LAN/DMZ environment but I hate the 
>thought of exposing another daemon to the Internet ... if the IPs allowed 
>access are limited by firewall rules then I'd feel better about it.
>
>  
>
    SSL is integrated into PG itself. It listens on the main PG port. It 
recognizes SSL or non-SSL
connection, based on pg_hba.conf record entry.

Here is the example:

hostssl    dbname1    user1   10.0.0.1     255.255.255.255   trust
host    dbname2    user1   10.0.0.1     255.255.255.255   trust
(I know that trust is quite insecure, but this is example =)

it this example you can connect to securely to dbname1 as user1, and 
without SSL to dbname2 at the same computer.


>>All my Perl-scripts connects only thru SSL-enabled connection.
>>I don't know if any other DB allows that.
>>    
>>
>
>mysql does for sure, whether as well as pg I have no idea.
>
>  
>
It possible to do with any DB via stunnel trick.


All the Best!
Sergey

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20050107/e2baebdf/attachment.html>


More information about the Legacy mailing list