Re: PosgreSQL Security Architecture - Mailing list pgsql-general

From Jeff Janes
Subject Re: PosgreSQL Security Architecture
Date
Msg-id CAMkU=1zsELD9D6GDoCWdXGx-ykTePkYX1Jh7YF3JsErgpMEhEQ@mail.gmail.com
Whole thread Raw
In response to Re: PosgreSQL Security Architecture  (Lesley Kimmel <lesley.j.kimmel@gmail.com>)
List pgsql-general
On Fri, Feb 12, 2016 at 5:20 AM, Lesley Kimmel
<lesley.j.kimmel@gmail.com> wrote:
> Thanks for the reply Laurenz. Of course the first thing that I thought of to
> prevent man-in-the-middle was SSL. However, I also like to try to address
> the issue in a way that seems to get at what they are intending. It seemed
> to me that they wanted to do some configuration within the database related
> to session IDs.

As far as server configuration, you can configure your server to only
accept ssl connections in pg_hba.conf.  You should also configure your
clients to do sslmode=verify-full on the ssl certificate sent to them
by the server (which is not the default).

Cheers,

Jeff


pgsql-general by date:

Previous
From: jaime soler
Date:
Subject: Re: ORA2PG HP-UX11i23 Itanium
Next
From: Steve Crawford
Date:
Subject: Transactions, stats and analyze (oh-my)