On Mon, Mar 16, 2009 at 1:57 PM, Magnus Hagander <magnus@hagander.net> wrote:
> OK, here's a patch that tries this. Since we're in beta, I definitely
> want eyes on it before I commit :-)
OK, I've applied eyes - here are my immediate thoughts:
- The verify mode strings look quite long, per my comment on IM.
Perhaps Full, Certificate or None would be better.
- There doesn't seem to be any way to push the verify mode down to the
backup/backupall/backupglobals/restore dialogues, or to the debugger
(which, annoyingly, still has it's own connection class). Do we want
to re-verify in those places, or just set verify=none, as we've
already verified at initial connection? I guess in theory a mitm
attack could start after we initially connect.
- Should verify mode also be exposed in the plugins interface? SSL
mode is, so it would seem logical.
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
