Thread: Preventing accidental non-SSL connections in psql?
How do I prevent accidental non-SSL connections (at least to specific hosts) when connecting via psql? Is there any configuration for this? Thanks.
On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote: > How do I prevent accidental non-SSL connections (at least to specific > hosts) when connecting via psql? Is there any configuration for this? > Thanks. http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html hostssl http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html sslmode -- Adrian Klaver adrian.klaver@gmail.com
On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.klaver@gmail.com> wrote: > On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote: >> How do I prevent accidental non-SSL connections (at least to specific >> hosts) when connecting via psql? Is there any configuration for this? >> Thanks. > > http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html > hostssl > http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html > sslmode I'm aware of sslmode and hostssl - the threat model I'm asking about is the client getting MITM'd because the user forgets to specify `psql sslmode=verify-full`.
On Wednesday, April 06, 2011 4:24:30 pm Yang Zhang wrote:
> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.klaver@gmail.com> wrote:
> > On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote:
> >> How do I prevent accidental non-SSL connections (at least to specific
> >> hosts) when connecting via psql? Is there any configuration for this?
> >> Thanks.
> >
> > http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html
> > hostssl
> > http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html
> > sslmode
>
> I'm aware of sslmode and hostssl - the threat model I'm asking about
> is the client getting MITM'd because the user forgets to specify `psql
> sslmode=verify-full`.
http://www.postgresql.org/docs/9.0/interactive/ssl-tcp.html
17.8.1. Using client certificates
--
Adrian Klaver
adrian.klaver@gmail.com
On Wed, Apr 6, 2011 at 5:24 PM, Yang Zhang <yanghatespam@gmail.com> wrote: > On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.klaver@gmail.com> wrote: >> On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote: >>> How do I prevent accidental non-SSL connections (at least to specific >>> hosts) when connecting via psql? Is there any configuration for this? >>> Thanks. >> >> http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html >> hostssl >> http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html >> sslmode > > I'm aware of sslmode and hostssl - the threat model I'm asking about > is the client getting MITM'd because the user forgets to specify `psql > sslmode=verify-full`. As long as you only have hostssl entries for connections the users can't connect without ssl.
On Wed, Apr 6, 2011 at 4:53 PM, Adrian Klaver <adrian.klaver@gmail.com> wrote: > On Wednesday, April 06, 2011 4:24:30 pm Yang Zhang wrote: > >> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.klaver@gmail.com> >> wrote: > >> > On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote: > >> >> How do I prevent accidental non-SSL connections (at least to specific > >> >> hosts) when connecting via psql? Is there any configuration for this? > >> >> Thanks. > >> > > >> > http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html > >> > hostssl > >> > http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html > >> > sslmode > >> > >> I'm aware of sslmode and hostssl - the threat model I'm asking about > >> is the client getting MITM'd because the user forgets to specify `psql > >> sslmode=verify-full`. > > http://www.postgresql.org/docs/9.0/interactive/ssl-tcp.html > > 17.8.1. Using client certificates Client certs are only for client authentication; I'm interested in mandatory server authentication.
On Wed, Apr 6, 2011 at 4:57 PM, Scott Marlowe <scott.marlowe@gmail.com> wrote: > On Wed, Apr 6, 2011 at 5:24 PM, Yang Zhang <yanghatespam@gmail.com> wrote: >> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.klaver@gmail.com> wrote: >>> On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote: >>>> How do I prevent accidental non-SSL connections (at least to specific >>>> hosts) when connecting via psql? Is there any configuration for this? >>>> Thanks. >>> >>> http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html >>> hostssl >>> http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html >>> sslmode >> >> I'm aware of sslmode and hostssl - the threat model I'm asking about >> is the client getting MITM'd because the user forgets to specify `psql >> sslmode=verify-full`. > > As long as you only have hostssl entries for connections the users > can't connect without ssl. > hostssl is a server-side policy; I'm interested in setting up my client with mandatory server authentication.
On Wednesday, April 06, 2011 5:21:23 pm Yang Zhang wrote:
> On Wed, Apr 6, 2011 at 4:57 PM, Scott Marlowe <scott.marlowe@gmail.com> wrote:
> > On Wed, Apr 6, 2011 at 5:24 PM, Yang Zhang <yanghatespam@gmail.com> wrote:
> >> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.klaver@gmail.com> wrote:
> >>> On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote:
> >>>> How do I prevent accidental non-SSL connections (at least to specific
> >>>> hosts) when connecting via psql? Is there any configuration for this?
> >>>> Thanks.
> >>>
> >>> http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html
> >>> hostssl
> >>> http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html
> >>> sslmode
> >>
> >> I'm aware of sslmode and hostssl - the threat model I'm asking about
> >> is the client getting MITM'd because the user forgets to specify `psql
> >> sslmode=verify-full`.
> >
> > As long as you only have hostssl entries for connections the users
> > can't connect without ssl.
>
> hostssl is a server-side policy; I'm interested in setting up my
> client with mandatory server authentication.
http://www.postgresql.org/docs/9.0/interactive/libpq-envars.html
PGSSLMODE behaves the same as the sslmode connection parameter.
Now you have both ends and the middle:)
--
Adrian Klaver
adrian.klaver@gmail.com
On Wed, Apr 6, 2011 at 6:18 PM, Adrian Klaver <adrian.klaver@gmail.com> wrote: > On Wednesday, April 06, 2011 5:21:23 pm Yang Zhang wrote: > >> On Wed, Apr 6, 2011 at 4:57 PM, Scott Marlowe <scott.marlowe@gmail.com> >> wrote: > >> > On Wed, Apr 6, 2011 at 5:24 PM, Yang Zhang <yanghatespam@gmail.com> >> > wrote: > >> >> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.klaver@gmail.com> >> >> wrote: > >> >>> On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote: > >> >>>> How do I prevent accidental non-SSL connections (at least to specific > >> >>>> hosts) when connecting via psql? Is there any configuration for this? > >> >>>> Thanks. > >> >>> > >> >>> http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html > >> >>> hostssl > >> >>> http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html > >> >>> sslmode > >> >> > >> >> I'm aware of sslmode and hostssl - the threat model I'm asking about > >> >> is the client getting MITM'd because the user forgets to specify `psql > >> >> sslmode=verify-full`. > >> > > >> > As long as you only have hostssl entries for connections the users > >> > can't connect without ssl. > >> > >> hostssl is a server-side policy; I'm interested in setting up my > >> client with mandatory server authentication. > > http://www.postgresql.org/docs/9.0/interactive/libpq-envars.html > > PGSSLMODE behaves the same as the sslmode connection parameter. > > Now you have both ends and the middle:) Thanks, exactly what I was looking for.