Thread: ssl connections with psql

ssl connections with psql

From
Ron Peterson
Date:
I've compiled Postgresql-7.1beta5 on two machines, enabling SSL support on
both.  Am I correct that if I do `psql -h <othermachine>`, that this
connection will be established via ssl?  I.E. - that is the default
connection mode, if it is enabled?

Then, if I want to allow *only* ssl connections, I replace `host` with
`hostssl` in my pg_hba.conf?

--

-Ron-
GPG and other info at: http://www.yellowbank.com/



Re: ssl connections with psql

From
Peter Eisentraut
Date:
Ron Peterson writes:

> I've compiled Postgresql-7.1beta5 on two machines, enabling SSL support on
> both.  Am I correct that if I do `psql -h <othermachine>`, that this
> connection will be established via ssl?  I.E. - that is the default
> connection mode, if it is enabled?

Yes.

> Then, if I want to allow *only* ssl connections, I replace `host` with
> `hostssl` in my pg_hba.conf?

Yes.

--
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/


RE: ssl connections with psql

From
Peter Eisentraut
Date:
Christian Marschalek writes:

> May I ask what the difference between apache compiled with ssl and
> postgresql with ssl is? if there's any...

Apache serves encrypted HTTP connections, PostgreSQL serves encrypted
database connections.

--
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/


RE: ssl connections with psql

From
"Christian Marschalek"
Date:
Hi !

> > I've compiled Postgresql-7.1beta5 on two machines, enabling SSL support on
> > both.  Am I correct that if I do `psql -h <othermachine>`, that this
> > connection will be established via ssl?  I.E. - that is the default
> > connection mode, if it is enabled?
>
> Yes.
>
> > Then, if I want to allow *only* ssl connections, I replace `host` with
> > `hostssl` in my pg_hba.conf?
>
> Yes.

May I ask what the difference between apache compiled with ssl and
postgresql with ssl is? if there's any...

regards Chris


Re: ssl connections with psql

From
newsreader@mediaone.net
Date:
On Fri, Mar 16, 2001 at 05:58:42PM +0100, Christian Marschalek wrote:
> Hi !
>
> > Yes.
>
> May I ask what the difference between apache compiled with ssl and
> postgresql with ssl is? if there's any...
>

very easy question that even i can answer.

apache is a web server

postgresql is a database server

got it??

ssl is a general software layer which lives between some
user level applications and the os.  you can make almost all
of your run-of-the-mill tcp/ip applications ssl aware.

apache and postgresql being two of those run-of-the-mill
applications, they learn how to speak the ssl language.

ssl is generally associated with web servers/browsers
because netscape invented it.  whether it's good or
bad i'm not sure.  i dislike the way netscape marketed
it itself using scare tactics.. nowadays people consider
ssl panacea for network security and i'm sick of getting
clueless clients wanting ssl pages for their applications who
don't realize all the risks involved.  it's almost always
like buying a $10,000 alarm system and leaving the window
open when you left your house.  necessity is the source
of inventions, they say.  but i often wonder..


RE: ssl connections with psql

From
"Christian Marschalek"
Date:
well i meant over apache (with php) to a database :o)

> -----Original Message-----
> From: Peter Eisentraut [mailto:peter_e@gmx.net]
> Sent: Friday, March 16, 2001 6:19 PM
> To: Christian Marschalek
> Cc: [GENERAL] PostgreSQL
> Subject: RE: [GENERAL] ssl connections with psql
>
>
> Christian Marschalek writes:
>
> > May I ask what the difference between apache compiled with ssl and
> > postgresql with ssl is? if there's any...
>
> Apache serves encrypted HTTP connections, PostgreSQL serves encrypted
> database connections.
>
> --
> Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/
>

RE: ssl connections with psql

From
"Christian Marschalek"
Date:
Was a misunderstanding on my side :o)

Thanks!

> -----Original Message-----
> From: Peter Eisentraut [mailto:peter_e@gmx.net]
> Sent: Friday, March 16, 2001 7:25 PM
> To: Christian Marschalek
> Cc: [GENERAL] PostgreSQL
> Subject: RE: [GENERAL] ssl connections with psql
>
>
> Christian Marschalek writes:
>
> > well i meant over apache (with php) to a database :o)
>
> Apache encrypts the connection to the web user, PostgreSQL encrypts the
> connection to the database user, which in this case would be Apache.
> I.e.:
>
> Web user ---SSL---> Apache ---SSL---> PostgreSQL
>
> Typically, in these setups, the Apache to PostgreSQL connection is over a
> trusted wire, such as a Unix domain socket, local loopback, or LAN, so SSL
> won't be necessary.  But if you run a database (not web) connection over
> the Internet then you might care.
>
> >
> > > -----Original Message-----
> > > From: Peter Eisentraut [mailto:peter_e@gmx.net]
> > > Sent: Friday, March 16, 2001 6:19 PM
> > > To: Christian Marschalek
> > > Cc: [GENERAL] PostgreSQL
> > > Subject: RE: [GENERAL] ssl connections with psql
> > >
> > >
> > > Christian Marschalek writes:
> > >
> > > > May I ask what the difference between apache compiled with ssl and
> > > > postgresql with ssl is? if there's any...
> > >
> > > Apache serves encrypted HTTP connections, PostgreSQL serves encrypted
> > > database connections.
> > >
> > > --
> > > Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/
> > >
> >
> >
>
> --
> Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/
>


RE: ssl connections with psql

From
Peter Eisentraut
Date:
Christian Marschalek writes:

> well i meant over apache (with php) to a database :o)

Apache encrypts the connection to the web user, PostgreSQL encrypts the
connection to the database user, which in this case would be Apache.
I.e.:

Web user ---SSL---> Apache ---SSL---> PostgreSQL

Typically, in these setups, the Apache to PostgreSQL connection is over a
trusted wire, such as a Unix domain socket, local loopback, or LAN, so SSL
won't be necessary.  But if you run a database (not web) connection over
the Internet then you might care.

>
> > -----Original Message-----
> > From: Peter Eisentraut [mailto:peter_e@gmx.net]
> > Sent: Friday, March 16, 2001 6:19 PM
> > To: Christian Marschalek
> > Cc: [GENERAL] PostgreSQL
> > Subject: RE: [GENERAL] ssl connections with psql
> >
> >
> > Christian Marschalek writes:
> >
> > > May I ask what the difference between apache compiled with ssl and
> > > postgresql with ssl is? if there's any...
> >
> > Apache serves encrypted HTTP connections, PostgreSQL serves encrypted
> > database connections.
> >
> > --
> > Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/
> >
>
>

--
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/
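
An added example, not part of any message in this thread: a Python check that lists pg_hba.conf rules still admitting unencrypted TCP connections from non-loopback addresses, i.e. `host` (or `hostnossl`) lines that have not been switched to `hostssl`. It assumes the current pg_hba.conf column layout (type, database, user, address, method) with no quoted fields, which may differ from the 7.1beta5 file discussed here; the sample file and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the current pg_hba.conf layout; not taken from the thread.
SAMPLE_HBA = """\
# TYPE    DATABASE  USER  ADDRESS                   METHOD
local     all       all                             peer
host      all       all   127.0.0.1/32              scram-sha-256
host      appdb     app   192.0.2.0/24              scram-sha-256
hostssl   appdb     app   198.51.100.7/32           scram-sha-256
hostnossl all       all   0.0.0.0/0                 md5
host      appdb     app   10.0.0.5 255.255.255.255  md5
"""

def is_loopback(addr, mask=None):
    """True only when the whole address range lies inside loopback space."""
    try:
        net = ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=False)
    except ValueError:
        return False  # hostname or keyword (all, samenet, ...): report it
    return net.is_loopback

def plaintext_tcp_rules(hba_text):
    """Return (line_no, type, address) for each rule that accepts a TCP
    connection without SSL from somewhere other than loopback."""
    findings = []
    for no, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        # `host` matches SSL and non-SSL attempts alike; `hostssl` and
        # Unix-socket `local` lines cannot carry cleartext over the network.
        if len(fields) < 5 or fields[0] not in ("host", "hostnossl"):
            continue
        addr, mask = fields[3], None
        try:  # older style: address and netmask in separate columns
            ipaddress.ip_address(fields[4])
            mask = fields[4]
        except ValueError:
            pass
        if not is_loopback(addr, mask):
            findings.append((no, fields[0], f"{addr} {mask}" if mask else addr))
    return findings

if __name__ == "__main__":
    for no, kind, addr in plaintext_tcp_rules(SAMPLE_HBA):
        print(f"line {no}: {kind} {addr} allows non-SSL connections")
```

Loopback `host` rules are left unreported, matching the point above that a local connection is usually a trusted wire.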


Re: ssl connections with psql

From
Ron Chmara
Date:
Peter Eisentraut wrote:
> Christian Marschalek writes:
> > well i meant over apache (with php) to a database :o)
> Apache encrypts the connection to the web user, PostgreSQL encrypts the
> connection to the database user, which in this case would be Apache.
> I.e.:
> Web user ---SSL---> Apache ---SSL---> PostgreSQL
> Typically, in these setups, the Apache to PostgreSQL connection is over a
> trusted wire, such as a Unix domain socket, local loopback, or LAN, so SSL
> won't be necessary.  But if you run a database (not web) connection over
> the Internet then you might care.

For those reading this and assuming that using SSL is always a good thing,
SSL data connections are up to 100 times slower, as all of the data has
to be encrypted and decrypted by the server and the client. Running SSL
connections to the same server you're hosting the web pages on would be
a fairly interesting way of shooting yourself in the foot, but not useful
for much else.

-Ronabop

--2D426F70|759328624|00101101010000100110111101110000
Personal:  ron@opus1.com, 520-326-6109, http://www.opus1.com/ron/
Work: rchmara@pnsinc.com, 520-546-8993, http://www.pnsinc.com/
The opinions expressed in this email are not necessarily those of myself,
my employers, or any of the other little voices in my head.

RE: ssl connections with psql

From
"Christian Marschalek"
Date:
> For those reading this and assuming that using SSL is always a good thing,
> SSL data connections are up to 100 times slower, as all of the data has
> to be encrypted and decrypted by the server and the client. Running SSL
> connections to the same server you're hosting the web pages on would be
> a fairly interesting way of shooting yourself in the foot, but not useful
> for much else.
I'm not assuming SSL is always a good thing, but sometimes security is more
important than speed, and in this case SSL does exactly what it should :o)