On Fri, 16 Jul 2004, [ISO-8859-1] Jos� Carlos Stevenson wrote:
> I've been using JWS to deploy an application that uses postgresql.
> I've configured pg to use MD5 for a minimum of security (user and
> passwd) - how can I deploy an app that uses SSL WITHOUT having to run
> keytool on each machine?
> Can I "show" the certificate (self signed) and ask the user if he/she
> would like to accept it as valied? Is thera a HOWTO anywhere or some
> sample code showing how to do that?
One answer is to use a server key/cert that has been signed by a
certificate authority thats already distributed with the JVM, but that's
going to cost you money.
A number of people have asked to not require a trusted cert to get around
both this problem and something like an applet which has no control. The
decrease in security has made me hesitant to do this. A while back Chris
Smith proposed a patch to allow the user to supply their own
SSLSocketFactory.
http://archives.postgresql.org/pgsql-jdbc/2004-02/msg00218.php
I didn't like this at the time, but perhaps we should revisit it.
Kris Jurka