On Fri, 24 Jul 2009, Saleem EDAH-TALLY wrote:
> I don't know if devs on this forum are server devs too. I would suggest
> that irrespective of the presence of a server trusted cert (root.crt)
> that the server be usable by the client, as his any time choice, for
> encryption only and/or server/client authentication. Other RDBMS allow
> that : Oracle, Apache Derby and MySQL. Although traffic encryption only
> raises security concerns, it may be helpful in some limited cases.
That's not going to happen. A server configured with a root.crt file is
essentially saying, "Clients must present a certificate to be
authenticated." Allowing a client to bypass that check is a serious
security hole. You might as well request that the client should be
allowed to decide not to provide a password even if the server requests
it and be able to connect.
Kris Jurka
