Thread: ssl connections with psql
I've compiled Postgresql-7.1beta5 on two machines, enabling SSL support on both. Am I correct that if do `psql -h <othermachine>`, that this connection will be established via ssl? I.E. - that is the default connection mode, if it is enabled? Then, if I want to allow *only* ssl connections, I replace `host` with `hostssl` in my pg_hba.conf? -- -Ron- GPG and other info at: http://www.yellowbank.com/
Ron Peterson writes: > I've compiled Postgresql-7.1beta5 on two machines, enabling SSL support on > both. Am I correct that if do `psql -h <othermachine>`, that this > connection will be established via ssl? I.E. - that is the default > connection mode, if it is enabled? Yes. > Then, if I want to allow *only* ssl connections, I replace `host` with > `hostssl` in my pg_hba.conf? Yes. -- Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
Christian Marschalek writes: > May I ask what the difference between apache compiled with ssl and > postgresql with ssl is? if there's any... Apache serves encrypted HTTP connections, PostgreSQL serves encrypted database connections. -- Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
Hi ! > > I've compiled Postgresql-7.1beta5 on two machines, enabling SSL support on > > both. Am I correct that if do `psql -h <othermachine>`, that this > > connection will be established via ssl? I.E. - that is the default > > connection mode, if it is enabled? > > Yes. > > > Then, if I want to allow *only* ssl connections, I replace `host` with > > `hostssl` in my pg_hba.conf? > > Yes. May I ask what the difference between apache compiled with ssl and postgresql with ssl is? if there's any... regards Chris
On Fri, Mar 16, 2001 at 05:58:42PM +0100, Christian Marschalek wrote: > Hi ! > > > Yes. > > May I ask what the difference between apache compiled with ssl and > postgresql with ssl is? if there's any... > very easy question that even i can answer. apache is a web server postgresql is database server got it?? ssl is general software layer which lives between some user level applications and os. you can make almost all of your run of the mills tcp/ip applications ssl aware. apache and postgresql being one of those run of the mills applications they learn how to speak ssl language. ssl is generally associated with web servers/browsers because netscape invented it. whether it's good or bad i'm not sure. i dislike the way netscape marketed it itself using scare tactics.. nowadays people consider ssl panacea for network security and i'm sick of getting clueless client wanting ssl pages for their applications who don't realize all the risks involved. it's almost always like buying $10,000 alarm system and leaving the window open when you left your house. necessity is the source of inventions, they say. but i often wonder..
well i ment over apache (with php) to a database :o) > -----Original Message----- > From: Peter Eisentraut [mailto:peter_e@gmx.net] > Sent: Friday, March 16, 2001 6:19 PM > To: Christian Marschalek > Cc: [GENERAL] PostgreSQL > Subject: RE: [GENERAL] ssl connections with psql > > > Christian Marschalek writes: > > > May I ask what the difference between apache compiled with ssl and > > postgresql with ssl is? if there's any... > > Apache serves encrypted HTTP connections, PostgreSQL serves encrypted > database connections. > > -- > Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/ >
Was a misunderstanding on my side :o) Thanks! > -----Original Message----- > From: Peter Eisentraut [mailto:peter_e@gmx.net] > Sent: Friday, March 16, 2001 7:25 PM > To: Christian Marschalek > Cc: [GENERAL] PostgreSQL > Subject: RE: [GENERAL] ssl connections with psql > > > Christian Marschalek writes: > > > well i ment over apache (with php) to a database :o) > > Apache encrypts the connection to the web user, PostgreSQL encrypts the > connection to the database user, which in this case would be Apache. > I.e.: > > Web user ---SSL---> Apache ---SSL---> PostgreSQL > > Typically, in these setups, the Apache to PostgreSQL connection is over a > trusted wire, such as a Unix domain socket, local loopback, or LAN, so SSL > won't be necessary. But if you run a database (not web) connection over > the Internet then you might care. > > > > > > -----Original Message----- > > > From: Peter Eisentraut [mailto:peter_e@gmx.net] > > > Sent: Friday, March 16, 2001 6:19 PM > > > To: Christian Marschalek > > > Cc: [GENERAL] PostgreSQL > > > Subject: RE: [GENERAL] ssl connections with psql > > > > > > > > > Christian Marschalek writes: > > > > > > > May I ask what the difference between apache compiled with ssl and > > > > postgresql with ssl is? if there's any... > > > > > > Apache serves encrypted HTTP connections, PostgreSQL serves encrypted > > > database connections. > > > > > > -- > > > Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/ > > > > > > > > > -- > Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/ >
Christian Marschalek writes: > well i ment over apache (with php) to a database :o) Apache encrypts the connection to the web user, PostgreSQL encrypts the connection to the database user, which in this case would be Apache. I.e.: Web user ---SSL---> Apache ---SSL---> PostgreSQL Typically, in these setups, the Apache to PostgreSQL connection is over a trusted wire, such as a Unix domain socket, local loopback, or LAN, so SSL won't be necessary. But if you run a database (not web) connection over the Internet then you might care. > > > -----Original Message----- > > From: Peter Eisentraut [mailto:peter_e@gmx.net] > > Sent: Friday, March 16, 2001 6:19 PM > > To: Christian Marschalek > > Cc: [GENERAL] PostgreSQL > > Subject: RE: [GENERAL] ssl connections with psql > > > > > > Christian Marschalek writes: > > > > > May I ask what the difference between apache compiled with ssl and > > > postgresql with ssl is? if there's any... > > > > Apache serves encrypted HTTP connections, PostgreSQL serves encrypted > > database connections. > > > > -- > > Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/ > > > > -- Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
Peter Eisentraut wrote: > Christian Marschalek writes: > > well i ment over apache (with php) to a database :o) > Apache encrypts the connection to the web user, PostgreSQL encrypts the > connection to the database user, which in this case would be Apache. > I.e.: > Web user ---SSL---> Apache ---SSL---> PostgreSQL > Typically, in these setups, the Apache to PostgreSQL connection is over a > trusted wire, such as a Unix domain socket, local loopback, or LAN, so SSL > won't be necessary. But if you run a database (not web) connection over > the Internet then you might care. For those reading this and assuming that using SSL is always a good thing, SSL data connections are up to 100 times slower, as all of the data has to be encrypted and decrypted by the server and the client. Running SSL connections to the same server you're hosting the web pages on would be a fairly interesting way of shooting yourself in the foot, but not useful for much else. -Ronabop --2D426F70|759328624|00101101010000100110111101110000 Personal: ron@opus1.com, 520-326-6109, http://www.opus1.com/ron/ Work: rchmara@pnsinc.com, 520-546-8993, http://www.pnsinc.com/ The opinions expressed in this email are not necessarily those of myself, my employers, or any of the other little voices in my head.
> For those reading this and assuming that using SSL is always a good thing, > SSL data connections are up to 100 times slower, as all of the data has > to be encrypted and decrypted by the server and the client. Running SSL > connections to the same server you're hosting the web pages on would be > a fairly interesting way of shooting yourself in the foot, but not useful > for much else. I'm not assuming SSL is always a good thing, but sometimes security is more important than speed, and in this case SSL does excatly what it should :o)