Thread: Data transfer format between UNIX server and Windows client?
Hi folks I submitted this directly to the novice and general news groups -- getting no responses -- before I had subscribed to the list, and I apologize to anyone who may have responded previously. I've got a FreeBSD 4.2 box running PostgreSQL 7.0.3 and Windows clients that talk to it via LIBPQ.DLL (Zeos controls, ODBC, pgAccess...). I have a firewall on the BSD box using ipf, but I have to assume -- at least for the sake of argument -- that someone can still monitor data coming off the box. MY QUESTION -- When query results are sent to the client, where does the conversion of stored binary data to easily readable text take place: on the server before it leaves for the clients, or at libpq.dll ON the clients? If the transfer between boxes is text, does anyone have experience using an encrypted connection between a Unix box and a Windows client (without using a web server, that is)? Thanks in advance... -- Paul Lender ======================================== Paul A. Lender University of Minnesota Department of Orthopaedic Surgery 420 Delaware St. S.E., MMC 492 Mayo Minneapolis MN 55455 Voice: (612) 625-1186 FAX: (612) 626-6032 e-mail: lender@tc.umn.edu
"Paul A. Lender" <lender@tc.umn.edu> writes:
> MY QUESTION -- When query results are sent to the client, where does the
> conversion of stored binary data to easily readable text take
> place: on the server before it leaves for the clients, or at libpq.dll ON
> the clients?
At the server.
> If the transfer between boxes is text, does anyone have experience using an
> encrypted connection between a Unix box and a Windows client (without using
> a web server, that is)?
PG can be compiled to allow SSL encryption of connections. If you're
worried about packet-sniffing then that is the way to proceed.
The 7.0.* SSL support was new and a tad flaky IIRC. You might want to
work with 7.1 instead to avoid rough edges in SSL configuration.
I'm not sure how hard it is to get OpenSSL compiled on Windoze, though;
has anyone tried?
regards, tom lane
Paul A. Lender writes: > MY QUESTION -- When query results are sent to the client, where does the > conversion of stored binary data to easily readable text take > place: on the server before it leaves for the clients, or at libpq.dll ON > the clients? In the server. > If the transfer between boxes is text, does anyone have experience using an > encrypted connection between a Unix box and a Windows client (without using > a web server, that is)? If you manage to find a Windows to Unix encryption solution then there shouldn't be any fundamental problem. -- Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
On Thu, 05 Apr 2001 09:25:28 -0500 "Paul A. Lender" <lender@tc.umn.edu> wrote: > MY QUESTION -- When query results are sent to the client, where does the > conversion of stored binary data to easily readable text take > place: on the server before it leaves for the clients, or at libpq.dll > ON > the clients? I would say at the server, no question (Tom, others, please whack me with a cluestick if I'm wrong here...). Not that you can assume that binary data is safe from prying eyes either... > If the transfer between boxes is text, does anyone have experience using > an > encrypted connection between a Unix box and a Windows client (without > using > a web server, that is)? Try and tunnel through ssh. Not sure about the MS box, but the *BSD box will handle it fine. http://www.cs.stanford.edu/security/tunnel.html (just one example) I have found putty to be a good Win32 ssh client. Search for putty.exe at http://www.google.com HTH Cheers
"Paul A. Lender" wrote: > > Hi folks > > I submitted this directly to the novice and general news groups -- getting > no responses -- before I had subscribed to the list, and I apologize to > anyone who may have responded previously. > > I've got a FreeBSD 4.2 box running PostgreSQL 7.0.3 and Windows clients > that talk to it via LIBPQ.DLL (Zeos controls, ODBC, pgAccess...). > > I have a firewall on the BSD box using ipf, but I have to assume -- at > least for the sake of argument -- that someone can still monitor data > coming off the box. > > MY QUESTION -- When query results are sent to the client, where does the > conversion of stored binary data to easily readable text take > place: on the server before it leaves for the clients, or at libpq.dll ON > the clients? On the server, though I imagine the "binary data" itself would be fairly easy to read as well. > > If the transfer between boxes is text, does anyone have experience using an > encrypted connection between a Unix box and a Windows client (without using > a web server, that is)? > The one I know about is SSH using TeraTerm + TTSSH. But that gives you a (probably) unwanted terminal window, and there are probably other methods. Is there really no *other* confidential information going back and forth on your LAN?
From: "Paul A. Lender" <lender@tc.umn.edu> > Hi folks > > I've got a FreeBSD 4.2 box running PostgreSQL 7.0.3 and Windows clients > that talk to it via LIBPQ.DLL (Zeos controls, ODBC, pgAccess...). > > I have a firewall on the BSD box using ipf, but I have to assume -- at > least for the sake of argument -- that someone can still monitor data > coming off the box. If it goes over the wire, then yes. > MY QUESTION -- When query results are sent to the client, where does the > conversion of stored binary data to easily readable text take > place: on the server before it leaves for the clients, or at libpq.dll ON > the clients? AFAIK if you query for text, you get plain text on the wire. In any case, if you're actually worried about security you'll want real encryption. > If the transfer between boxes is text, does anyone have experience using an > encrypted connection between a Unix box and a Windows client (without using > a web server, that is)? There is an option to use SSL links with Postgresql, but that's about all I know. I have no idea whether you can get that to work on the Windows end. The other option would be to port-foward your connection using ssh. There are several implementations available for unix-like systems (try www.openssh.org) and on the PCs TeraTerm + a module and Putty (try a google search). HTH - Richard Huxton