On Wed, Apr 6, 2011 at 4:57 PM, Scott Marlowe <scott.marl...@gmail.com> wrote: > On Wed, Apr 6, 2011 at 5:24 PM, Yang Zhang <yanghates...@gmail.com> wrote: >> On Wed, Apr 6, 2011 at 4:22 PM, Adrian Klaver <adrian.kla...@gmail.com> >> wrote: >>> On Wednesday, April 06, 2011 4:06:40 pm Yang Zhang wrote: >>>> How do I prevent accidental non-SSL connections (at least to specific >>>> hosts) when connecting via psql? Is there any configuration for this? >>>> Thanks. >>> >>> http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html >>> hostssl >>> http://www.postgresql.org/docs/9.0/interactive/libpq-connect.html >>> sslmode >> >> I'm aware of sslmode and hostssl - the threat model I'm asking about >> is the client getting MITM'd because the user forgets to specify `psql >> sslmode=verify-full`. > > As long as you only have hostssl entries for connections the users > can't connect without ssl. >
hostssl is a server-side policy; I'm interested in setting up my client with mandatory server authentication. -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
