Postgres Pro
Downloads
Home   >   mailing lists

Re: [INTERFACES] Using JDBC and SSL (or any method of security) - Mailing list pgsql-interfaces

From Peter T Mount
Subject Re: [INTERFACES] Using JDBC and SSL (or any method of security)
Date
Msg-id Pine.LNX.3.96.980721133135.2998I-100000@taer.maidstone.gov.uk
Whole thread Raw
In response to Re: [INTERFACES] Using JDBC and SSL (or any method of security)  ("Andrew R. Jackson" <ajackson@dezines.com>)
List pgsql-interfaces
Tree view 
[email problems within maidstone.gov.uk has delayed this response -
peter]

On Wed, 15 Jul 1998, Andrew R. Jackson wrote:

> At 06:51 AM 15/07/98 +0100, you wrote:
> >> We want to use JDBC together with a patched PostgreSQL using Brett
> >> McCormick's PostgreSQl-SSL patch.  Is it possible to use encrypted
> >> communication with JDBC using this?  Or kerberos?  Or do you have any
> >> suggestions as to how we can make it secure?
> >
> >Currently there is no way of encrypting the data stream using SSL or
> >Kerberos - yet. The java.security api may help us in the near future.
>
> The article "JBDC Drivers and Web Security" by Mukul Sood in Dr. Dobb's
> Journal (July 1998) discusses this a bit and some solutions that
> currently exist. A discussion about the use of SSL in JBDC solutions is
> included. In addition, three of the driver venders considered in the
> latter part of the article make use of SSL.
>
> As Sood says "any program that makes use of TCP can be modified to use
> SSL connections". Several of the driver venders make use of this by
> providing encryption and authentification services to network
> applications (including Java applets and applications using JDBC) using
> SSL.
>
> For a good example of this, read the section in the article on
> WebLogic's Tengah/JBDC, which uses RSA SSL.

When I get time, I'll look at how SSL works with postgresql at the moment,
and see if I can implement it easily.

>
>The only encoding possible so far is using the crypt authentication
> >system, where the password is sent over the wire encrypted. We can handle
> >this, as we have our own copy of crypt in the driver.
>
> Peter or somebody, could you point me to an example of how this is used? Thanks.

Simply set the authentication type in pg_hba.conf to crypt. ie:

host all 192.168.4.0 255.255.255.0 crypt

Because the protocol sents the authentication type to the client, the
driver automatically switches to crypt.

--
Peter Mount (at work) peter@taer.maidstone.gov.uk or peter@maidstone.gov.uk
If you mail me here, please cc my home address peter@retep.org.uk

pgsql-interfaces by date:

Previous
From: Byron Nikolaidis
Date:
Subject: Re: [INTERFACES] odbc driver for a linux box
Next
From: Peter T Mount
Date:
Subject: Re: [INTERFACES] "static" libraries?