Home > mailing lists

Re: Preventing accidental non-SSL connections in psql? - Mailing list pgsql-general

From	Yang Zhang
Subject	Re: Preventing accidental non-SSL connections in psql?
Date	April 7, 2011 00:20:22
Msg-id	BANLkTimRYyDZQKh622LD_zt9eF6AU-PDHw@mail.gmail.com Whole thread Raw
In response to	Re: Preventing accidental non-SSL connections in psql? (Adrian Klaver <adrian.klaver@gmail.com>)
List	pgsql-general

Tree view

On Wed, Apr 6, 2011 at 4:53 PM, Adrian Klaver <adrian.klaver@gmail.com> wrote:
> On Wednesday, April 06, 2011 4:24:30 pm Yang Zhang wrote:
>
>> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.klaver@gmail.com>
>> wrote:
>
>> > On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote:
>
>> >> How do I prevent accidental non-SSL connections (at least to specific
>
>> >> hosts) when connecting via psql? Is there any configuration for this?
>
>> >> Thanks.
>
>> >
>
>> > http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html
>
>> > hostssl
>
>> > http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html
>
>> > sslmode
>
>>
>
>> I'm aware of sslmode and hostssl - the threat model I'm asking about
>
>> is the client getting MITM'd because the user forgets to specify `psql
>
>> sslmode=verify-full`.
>
> http://www.postgresql.org/docs/9.0/interactive/ssl-tcp.html
>
> 17.8.1. Using client certificates

Client certs are only for client authentication; I'm interested in
mandatory server authentication.

pgsql-general by date:

From: Scott Marlowe
Date: 06 April 2011, 23:58:28
Subject: Re: Preventing accidental non-SSL connections in psql?

From: Yang Zhang
Date: 07 April 2011, 00:26:00
Subject: Re: Preventing accidental non-SSL connections in psql?

Re: Preventing accidental non-SSL connections in psql? - Mailing list pgsql-general

Previous

Next