Hi list,
here is a small modification of the Connection.java and PG_Stream.java that
makes the driver able to communicate over SSL, whenever it is allowed (or
forced) by the back end (and your JVM's settings, of course).
At this time, it supports the direct connection only.Additional code is
planned to be written as soon as possible in order to allow the connection
through a proxy (possible ideas for doing this can be taken from JSSE
examples and squid docs)
This software is intended to be used in a production enviroment that is
rely on open-source softwares. That is why i decided to share this
modification with this community and ask for your contribution to test - and
even modify - it, if possible. In exchange, there is no restriction to use,
modify, ( delete;) ) this code snippet.
Our enviroment is as follows:
- JDK SE 1.3.0_02
- JSSE 1.0.3_01
- Postgresql 7.1.2 with a database including
- Mandrake Linux 7.2 with a modified kernel on the basis of the 2.4.14
- openssl 0.9.5a
- it is a web application (run by a stand-alone jakarta-tomcat-4.0.1) that
connects to the postgresql
- more webapps are served by the same postgresql back end.
- the tomcat containers and the postgresql are placed on different hosts on
different networks and they are connected over the internet.
- there is no proxy in front of the postgresql (yet), we plan to use squid
when we will understand in details the way it works in.
I know, this is an old config.Altough this is a production enviroment and
works well due to the guys who wrote these excellent softwares and we don't
tamper with it without weighty reason (we are going to replace the openssl
0.9.5a
by a more secure version).
So, is there anybody interested in?
Regards
Istvan Nagy
nistvan@ecity.agria.hu (private)