Thread: SSL use
hi, im handling some important information that needs to be stored in my postgresql database via a php script. i´ve been reading the mails sent on this mailing list on SSL use. my postgresql server allows SSL connections but im not sure how to make use of this.id like to know more about ssl and how to take advantage of its security features. any references? from my php script, do i need to make a special connection to the database or is the same e.g pg_connect(host= localhost dbname=test user=p password=p)? is my information automatically transfered in an encrypted fashion? thnax
On Fri, Apr 22, 2005 at 04:38:29PM -0400, ruel.cima wrote: > > im handling some important information that needs to be stored in my > postgresql database via a php script. i've been reading the mails sent on > this mailing list on SSL use. my postgresql server allows SSL connections > but im not sure how to make use of this.id like to know more about ssl and > how to take advantage of its security features. any references? The documentation index has a few entries for "SSL". Here are some useful links for 8.0: http://www.postgresql.org/docs/8.0/interactive/ssl-tcp.html http://www.postgresql.org/docs/8.0/interactive/libpq.html#LIBPQ-CONNECT http://www.postgresql.org/docs/8.0/interactive/client-authentication.html#AUTH-PG-HBA-CONF > from my php script, do i need to make a special connection to the database > or is the same e.g pg_connect(host= localhost dbname=test user=p > password=p)? You could add "sslmode=require" to attempt only an SSL connection. If the connection should always be encrypted, then you could edit the server's pg_hba.conf and allow only "hostssl" connections. In that case you shouldn't need to specify "sslmode=require" when you connect, although doing so serves as a safety measure against pg_hba.conf misconfiguration, and as a reminder that the connection should be encrypted. > is my information automatically transfered in an encrypted fashion? Yes, assuming you've successfully negotiated an SSL connection. To be sure, you could use a sniffer like tcpdump or ethereal to look at the traffic. -- Michael Fuhr http://www.fuhr.org/~mfuhr/
On Fri, Apr 22, 2005 at 16:38:29 -0400, "ruel.cima" <ruel.cima@facinf.uho.edu.cu> wrote: > hi, > > im handling some important information that needs to be stored in my > postgresql database via a php script. i´ve been reading the mails sent on > this mailing list on SSL use. my postgresql server allows SSL connections > but im not sure how to make use of this.id like to know more about ssl and > how to take advantage of its security features. any references? > > from my php script, do i need to make a special connection to the database > or is the same e.g pg_connect(host= localhost dbname=test user=p > password=p)? If postgres is running on the same machine as php there isn't much point in using encryption of the connection. You are probably better off using domain sockets instead of a network connection in this case.