Re: SSL over Unix-domain sockets

Поиск
Список
Период
Сортировка
От Peter Eisentraut
Тема Re: SSL over Unix-domain sockets
Дата
Msg-id 200801151010.38306.peter_e@gmx.net
обсуждение исходный текст
Ответ на Re: SSL over Unix-domain sockets  (Tom Lane <tgl@sss.pgh.pa.us>)
Ответы Re: SSL over Unix-domain sockets  (Magnus Hagander <magnus@hagander.net>)
Список pgsql-hackers
Дерево обсуждения 
Am Montag, 14. Januar 2008 schrieb Tom Lane:
> If we do want to apply Peter's patch, I think it needs to be extended so
> that the default behavior on sockets is the same as before, ie, no SSL.
> This could be done by giving libpq an additional connection parameter,
> say "socketsslmode", having the same alternatives as sslmode but
> defaulting to "allow" instead of "prefer".

I suggest we don't do anything for 8.3, and return to investigate the full 
range of options for 8.4.  Those might include adding SSL support for local 
sockets but disabled by default, using SO_PEERCRED to check the server 
identity, and more fine-grained control over (multiple?) local socket 
placement.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Markus Schiltknecht
Дата:
Сообщение: Re: Declarative partitioning grammar
Следующее
От: Magnus Hagander
Дата:
Сообщение: Re: SSL over Unix-domain sockets