On Sat, Oct 15, 2005 at 06:04:54PM -0700, Chris Travers wrote:
> Out of curiosity, what is wrong with requiring client SSL certs to
> access the system and only issuing them to the PGPool system (or using a
> different CA if you need to issue client certs to the end users)? This
Hmm, I like this, although client SSL certs still didn't work with
JDBC last I checked, so it won't solve all the problems. But you're
right, this would mostly solve the problem I was thinking of,
provided it was described correctly to the (mostly-clueless)
technology rule-producers.
> place (though deliberate circumvention is always an issue when both
> sides are open source and the DBA has access to all systems-- after all,
Open source has nothing to do with it, of course. Malicious attack
by technical staff is something virtually no technology can guarantee
against. The best you can usually get is adequate logging (and
probably log monitoring) -- and we already provide that.
A
--
Andrew Sullivan | ajs@crankycanuck.ca
The plural of anecdote is not data.
--Roger Brinner