Re: ssl connections to postgresql - Mailing list pgsql-general

From James B. Byrne
Subject Re: ssl connections to postgresql
Date
Msg-id 37612.216.185.71.30.1185456361.squirrel@webmail.harte-lyne.ca
Whole thread Raw
In response to Re: ssl connections to postgresql  ("Joshua D. Drake" <jd@commandprompt.com>)
List pgsql-general
On Tue, July 24, 2007 18:29, Joshua D. Drake wrote:

>
> just enforce hostssl in your pg_hba.conf and nothing else. If you can
> connect, you are good :)
>
> Joshua D. Drake

Thanks, I will probably end up doing this.

What I am really looking for is an audit trail for all DBM host
connections to show the security compliance team that the network links
are in fact secured.  I call it a confidence check setting because that is
really what it is, a statement in the logs to engender confidence in
people who have limited knowledge of the detailed workings of the server
process (which includes me at the moment).

What is the process to make a suggestion to the pg maintainers to add a
configurable logging option like this?

Is there a way to use a key larger than 256 bits and is there any reason
why this would not be useful in practice?  Our standard key sizes here
seem to by either 1024 or 2048.

Regards,


--
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3


pgsql-general by date:

Previous
From: "James B. Byrne"
Date:
Subject: Re: ssl connections to postgresql
Next
From: Tom Lane
Date:
Subject: Re: a few questions (and doubts) about xid