Re: SSL over Unix-domain sockets

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: SSL over Unix-domain sockets
Дата
Msg-id 20080115092521.GF627@svr2.hagander.net
обсуждение исходный текст
Ответ на Re: SSL over Unix-domain sockets  (Peter Eisentraut <peter_e@gmx.net>)
Список pgsql-hackers
Дерево обсуждения 
On Tue, Jan 15, 2008 at 10:10:37AM +0100, Peter Eisentraut wrote:
> Am Montag, 14. Januar 2008 schrieb Tom Lane:
> > If we do want to apply Peter's patch, I think it needs to be extended so
> > that the default behavior on sockets is the same as before, ie, no SSL.
> > This could be done by giving libpq an additional connection parameter,
> > say "socketsslmode", having the same alternatives as sslmode but
> > defaulting to "allow" instead of "prefer".
> 
> I suggest we don't do anything for 8.3, and return to investigate the full 
> range of options for 8.4.  Those might include adding SSL support for local 
> sockets but disabled by default, using SO_PEERCRED to check the server 
> identity, and more fine-grained control over (multiple?) local socket 
> placement.

+1

//Magnus

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Peter Eisentraut
Дата:
Сообщение: Re: SSL over Unix-domain sockets
Следующее
От: Magnus Hagander
Дата:
Сообщение: Re: could not open relation: Invalid argument