Hello,
This concerns use of postgresql.key private key file on the client side.
psql can't establish a connection. with an encrypted postgresql.key file. If
I'm wrong here, the following is invalid and please show me the steps I'm
ignoring.
An application using libpq would require that the private unencrypted key be
deployed to the end user, together with the public key and trust cert. This
would mean if the end user is curious enough and computer litterate, he can
bypass the client application and make a direct connection to the server with
psql for example. It's then possible to issue commands like TRUNCATE TABLE...
Can we establish a SSL connection using an encrypted private key in PG 8.4 via
libpq ? I have not found any connection parameters allowing this.
Can the use of password protected wallets or PKCS12 certs become an option for
PG devs ? The end user would have a wallet on disk, which could be opened by
libpq using a hard-coded password(I know hard coding is evil but it yet can
help) and then use the certs and keys.
Thank you for considering.