Thread: Logging Question (SSL)

Logging Question (SSL)

From

"Patrick Linstruth (QNET)"

Date:

22 September 2009, 00:12:57

Hi, I'm new to Postgresql and have a couple of questions.

I want to be sure that the pg_connect() from PHP to my server is,
in fact, using SSL.

I was hoping that the server would log this fact, but it doesn't appear
to do so.

Does anyone know how to tell the server to log whether or not a
database connection from a remote host is using SSL or not.

I have "hostssl" in pg_hba.conf, but since I'm new to Postgresql,
I don't have a lot of faith in my setup. I would be a lot happier
if I saw a reference to "SSL" in a log file somewhere.

Thank you,

Patrick

Re: Logging Question (SSL)

From

Tom Lane

Date:

22 September 2009, 01:05:33

"Patrick Linstruth (QNET)" <patrick@qnet.com> writes:
> Hi, I'm new to Postgresql and have a couple of questions.
> I want to be sure that the pg_connect() from PHP to my server is,
> in fact, using SSL.

Seems like you should set pg_hba.conf to reject non-SSL connections...

> I have "hostssl" in pg_hba.conf, but since I'm new to Postgresql,
> I don't have a lot of faith in my setup.

Perhaps you should post your conf file and ask if it's okay.
Or if you really want proof, get out a packet sniffer and
watch the traffic.

            regards, tom lane