johnf <jfabiani@yolo.com> writes:
> On Wednesday 12 December 2007 09:52:48 am Tom Lane wrote:
>> Limit the range of IPs as much as you can, and require the connection to
>> use SSL, and maybe insist on a client certificate.
> What do you mean by a cleint certificate? I'll assume it is some sort of key
> that is passed to my server. But would postgres use the key? Or is this
> just a way to insure user is who he say he is?
I'm no expert on SSL usage, but there's some basic info here:
http://www.postgresql.org/docs/8.2/static/ssl-tcp.html
For the full story on SSL you'd want to visit
http://www.openssl.org/
regards, tom lane