On Fri, July 27, 2007 04:20, Albe Laurenz wrote:
>
> This is more a philosophical question.
>
> If you only allow hostssl connections in pg_hba.conf AND forbid
> all host connections (with one last 'reject' line), PostgreSQL
> will reject all connections that are not via SSL.
>
> If your "security compliance team" does not trust PostgreSQL to
> enforce that, they'll probably have a very bad feeling about PostgreSQL
> in general - why then should they trust a log entry that PostgreSQL
> writes?
>
Because configuration files can be expected to be modified over time and
having an explicit log entry tells one what modes were in effect for a
specific connection at the time, whatever the configuration file says now.
It is not confidence in the software but in the diligence of the system
administrator (me) that is in question for the audit team. In any case, I
personally like these sorts of direct confidence log entries. I feel that
it makes for easier configuration changes as often you quickly can see the
consequence when you have done something stupid.

I think that if the maintainers decide it worth doing at all, and I simply
do not have the time to bring myself up to speed on the code base of a
project the size of PostgreSQL to do it myself, then such a feature would
be best added as a new special value (%e) option for log_line_prefix.

# %e = connection encryption strength (none/ssl-256/ssl-512 etc.)

Which again raises a question that I posed earlier: Is there any benefit
to increasing the key size for a host connection from 256 and, if so, how
is this done?

Regards,

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
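
Added example, not part of the original message or of PostgreSQL: a small audit check for the setup discussed in this thread (hostssl entries plus a final 'reject' line), which can be run whenever pg_hba.conf changes. It is deliberately conservative: it flags every host or hostnossl record whose method is not reject and does not model first-match shadowing; the function names and both sample files are constructed for illustration.

```python
import ipaddress

# Record types that can match a TCP connection made without SSL.
NON_SSL_TYPES = {"host", "hostnossl"}

def _is_bare_ip(token):
    """True if token is an IP address with no /prefix, so a netmask column follows."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def auth_method(fields):
    """Return the auth-method of a host-type record, or None if the line is too short."""
    # Layout: TYPE DATABASE USER ADDRESS METHOD, or
    #         TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
    idx = 5 if len(fields) > 3 and _is_bare_ip(fields[3]) else 4
    return fields[idx] if len(fields) > idx else None

def non_ssl_accepting_lines(text):
    """List (line number, line) for records that could admit a non-SSL TCP client."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments (quoted '#' not handled)
        if not fields or fields[0] not in NON_SSL_TYPES:
            continue  # local and hostssl records never match a non-SSL TCP client
        if auth_method(fields) != "reject":
            findings.append((lineno, raw.strip()))
    return findings

# Constructed sample: the SSL-only layout described in the quoted message.
SSL_ONLY = """
local    all  all                md5
hostssl  all  all  0.0.0.0/0     md5
host     all  all  0.0.0.0/0     reject
"""

# Constructed sample: the same file after two later edits.
DRIFTED = """
local      all  all                                 md5
hostssl    all  all  0.0.0.0/0                      md5
host       all  all  192.168.1.10  255.255.255.255  md5   # test box
hostnossl  all  all  10.0.0.0/8                     trust
host       all  all  0.0.0.0/0                      reject
"""

if __name__ == "__main__":
    for lineno, line in non_ssl_accepting_lines(DRIFTED):
        print(f"line {lineno}: non-SSL connections may be accepted: {line}")
```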