Remote Postgres access??
Linas Vepstas
linas@linas.org
Tue, 26 Jun 2001 16:41:54 -0500
On Tue, Jun 26, 2001 at 02:00:14PM -0400, Derek Atkins was heard to remark:
> linas@linas.org (Linas Vepstas) writes:
>=20
> > On Tue, Jun 26, 2001 at 01:26:06PM -0400, Derek Atkins was heard to rem=
ark:
> > > Does postgres' internal network functionality include network-level
> > > encryption?
> >=20
> > The postgres documentation recommends setting up ssh to port-forward=3D=
20
> > the postgres port. And if you already know ssh, this seems to=3D20
> > be rather reasonable, at least to me.
>=20
> This seems hack-ish to me. :(
>=20
> I'd much rather see integrated security, at least in the form of
> a network module plug-in. Ah well.
Well, there was a time when I'd agree, but the more I'd think about it
=2E.. ssh really does have some pretty powerful VPN capabilities. =20
What its missing is support from all those firewall auto-config
tools and anti-port-scanner tools and auto-inetd or auto ipportfw
config tools. etc. If it had those it wouldn't seem so 'hackish'
The other way to think of ssh is as a command-line wrapper for SSL.
So instead of integrating SSL in directly (and dealing with all
the mess about agents, key management, etc that each app would=20
need to provide ) instead you have this unix-command-line-tool=20
tradition thing. =20
Adding SSL is easy. Thinking through the implications of how you=20
manage keys, etc. is hard. You, Mr. PGP, should know ...
--linas=20
--=20
Linas Vepstas -- linas@gnumatic.com -- http://www.gnumatic.com/