[EMAIL PROTECTED] (Eric) writes:
> In order to ensure all users are making SSL connections to the database,
> in the file pg_hba.conf, I change all the first columns into "hostssl"
> such that there is neither "host" nor "local" left.
> However, when I try to use a program written in Tcl to access the
> database, even without the option "requiressl=1" for "pg_connect", the
> program can still make a connection to the database.

Is this a local-Unix-socket connection? We don't bother with SSL on such
connections. There's no point --- the only way to eavesdrop on a local
connection is to have broken into your kernel, at which point it's game
over anyway.

regards, tom lane

PS: it also occurs to me you might have forgotten to SIGHUP the postmaster
after editing pg_hba.conf...
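
Added example, not part of the original message: a small Python check that lists every pg_hba.conf record that is not "hostssl", separating "local" (Unix-socket, never SSL) records from TCP records. The sample file contents and the function name audit_hba are constructed for illustration, and the parser is simplified (it ignores quoted fields and include directives).

```python
# Record types and the kind of connection each one matches.
TRANSPORT = {
    "local": "unix-socket, no SSL",
    "host": "tcp, SSL optional",
    "hostssl": "tcp, SSL required",
    "hostnossl": "tcp, plaintext only",
}

# Constructed sample file contents (not taken from the original message).
SAMPLE_HBA = """\
# TYPE     DATABASE     USER  ADDRESS        METHOD
# (constructed sample)
local      all          all                  md5
host       all          all   127.0.0.1/32   md5
hostssl    all          all   0.0.0.0/0      md5
hostnossl  replication  rep   10.0.0.0/8     md5
"""


def audit_hba(text):
    """Return (line_no, record_type, transport) for every record that is
    not hostssl, i.e. every record that can admit a non-SSL connection."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop comments; simplification: a '#' inside a quoted field is not handled.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        record_type = line.split()[0]
        if record_type == "hostssl":
            continue
        # Anything not in the table (e.g. an include directive) is reported as unknown.
        findings.append((line_no, record_type, TRANSPORT.get(record_type, "unknown")))
    return findings


if __name__ == "__main__":
    for line_no, record_type, transport in audit_hba(SAMPLE_HBA):
        print(f"line {line_no}: {record_type} ({transport})")
```

An empty result describes only the file on disk; as the PS above notes, the postmaster has to be sent SIGHUP before an edited pg_hba.conf takes effect.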