Home > mailing lists

Re: Preventing accidental non-SSL connections in psql? - Mailing list pgsql-general

From	Scott Marlowe
Subject	Re: Preventing accidental non-SSL connections in psql?
Date	April 6, 2011 23:58:28
Msg-id	BANLkTi=OYJqNzkCbmLCeZRyVxzDj4Vrf1w@mail.gmail.com Whole thread Raw
In response to	Re: Preventing accidental non-SSL connections in psql? (Yang Zhang <yanghatespam@gmail.com>)
Responses	Re: Preventing accidental non-SSL connections in psql?
List	pgsql-general

Tree view

On Wed, Apr 6, 2011 at 5:24 PM, Yang Zhang <yanghatespam@gmail.com> wrote:
> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.klaver@gmail.com> wrote:
>> On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote:
>>> How do I prevent accidental non-SSL connections (at least to specific
>>> hosts) when connecting via psql? Is there any configuration for this?
>>> Thanks.
>>
>> http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html
>> hostssl
>> http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html
>> sslmode
>
> I'm aware of sslmode and hostssl - the threat model I'm asking about
> is the client getting MITM'd because the user forgets to specify `psql
> sslmode=verify-full`.

As long as you only have hostssl entries for connections the users
can't connect without ssl.

pgsql-general by date:

From: Adrian Klaver
Date: 06 April 2011, 23:54:10
Subject: Re: Preventing accidental non-SSL connections in psql?

From: Yang Zhang
Date: 07 April 2011, 00:20:22
Subject: Re: Preventing accidental non-SSL connections in psql?

Re: Preventing accidental non-SSL connections in psql? - Mailing list pgsql-general

Previous

Next