Andrew Dunstan wrote:
Tom Lane wrote:
Andrew Dunstan <[EMAIL PROTECTED]> writes:
How does this look?
if (newtuple->t_len == oldtuple->t_len &&
newtuple->t_data->t_hoff == oldtuple->t_data->t_hoff &&
HeapTupleHeaderGetNatts(newtuple) ==
HeapTupleHeaderGetNatt
Bruce Momjian wrote:
OK, updated paragraph:
It is possible to have authentication without encryption overhead by
using NULL-SHA or NULL-MD5 ciphers. However,
a man-in-the-middle could read and pass communications between client
and server. Also, encryption overhead is minimal c
Mark Mielke wrote:
> Bruce Momjian wrote:
> > Good point. I have added the last two sentences to the documentation
> > paragraph to highlight this issue:
> >
> > OpenSSL supports a wide range of ciphers
> > and authentication algorithms, of varying strength. While a list of
> > ciphers c
Tom Lane wrote:
Bruce Momjian <[EMAIL PROTECTED]> writes:
Agreed. Requiring client root certificate checking is heavy-handed.
There seems to be some confusion here. I didn't think anyone was
proposing that we force every installation to require client root
certificate checking. What
Bruce Momjian wrote:
Good point. I have added the last two sentences to the documentation
paragraph to highlight this issue:
OpenSSL supports a wide range of ciphers
and authentication algorithms, of varying strength. While a list of
ciphers can be specified in the OpenSSL
configur
Tomasz Ostrowski wrote:
> On Sun, 23 Dec 2007, Tom Lane wrote:
>
> > ISTM we have these action items:
> > 1. Improve the code so that SSL authentication can be used across a
> > Unix-socket connection (we can disable encryption though).
>
> I've just realised that there's a problem with SSL with
Tom Lane wrote:
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > Agreed. Requiring client root certificate checking is heavy-handed.
>
> There seems to be some confusion here. I didn't think anyone was
> proposing that we force every installation to require client root
> certificate checking. Wh
Bruce Momjian <[EMAIL PROTECTED]> writes:
> Agreed. Requiring client root certificate checking is heavy-handed.
There seems to be some confusion here. I didn't think anyone was
proposing that we force every installation to require client root
certificate checking. What was under discussion (I t
Magnus Hagander wrote:
> We could make it so that we *require* the root certificate to be present
> on the client and make the check, and simply refuse to connect without
> it. But my guess is that it'll just increase the bar for SSL adoption at
> all, whilst most people will find some insecure way
Tom Lane wrote:
Andrew Dunstan <[EMAIL PROTECTED]> writes:
How does this look?
if (newtuple->t_len == oldtuple->t_len &&
newtuple->t_data->t_hoff == oldtuple->t_data->t_hoff &&
HeapTupleHeaderGetNatts(newtuple) == HeapTupleHeaderGetNatts(oldtuple)
&&
On Sat, 29 Dec 2007, Simon Riggs wrote:
System Shutdown
System shuts down, postmaster shuts down, archiver works furiously until
the end trying to archive things away. Archiver gets caught half way
through copy, so crashes, leaving archiver.pid. Subsequent startup sees
archiver.pid, postmaster r
On Thu, 2007-12-27 at 18:54 -0500, Tom Lane wrote:
> Simon Riggs <[EMAIL PROTECTED]> writes:
> > On Thu, 2007-12-27 at 17:29 -0500, Tom Lane wrote:
> >> Alvaro Herrera <[EMAIL PROTECTED]> writes:
> >>> then a subsequent postmaster start could initiate a second archiver
> >>> process which would ca
Andrew Dunstan <[EMAIL PROTECTED]> writes:
> How does this look?
> if (newtuple->t_len == oldtuple->t_len &&
> newtuple->t_data->t_hoff == oldtuple->t_data->t_hoff &&
> HeapTupleHeaderGetNatts(newtuple) ==
> HeapTupleHeaderGetNatts(oldtuple) &&
> (newtuple->t_data->t_i
Tom Lane wrote:
Andrew Dunstan <[EMAIL PROTECTED]> writes:
Tom Lane wrote:
Well, you could write the trigger in C and it'd work for any table.
I think it could be as simple as a memcmp of the tuples' data areas,
since we now require padding bytes to be 0 ...
Something lik
Magnus Hagander wrote:
Mark Mielke wrote:
I have done this for my own application before. Although the client and
server use standard TLS 1.0 to speak to each other with a required
authentication of RSA 1024-bit and a required encryption of AES 128-bit,
it still requires that passwords sent
Mark Mielke wrote:
> Andrew Sullivan wrote:
>> On Fri, Dec 28, 2007 at 07:48:22AM -0800, Trevor Talbot wrote:
>>
>>> I don't follow. What are banks doing on the web now to force clients
>>> to authenticate them, and how is it any different from the model of
>>> training users to check the SSL ce
Andrew Sullivan wrote:
> On Fri, Dec 28, 2007 at 07:48:22AM -0800, Trevor Talbot wrote:
>> I don't follow. What are banks doing on the web now to force clients
>> to authenticate them, and how is it any different from the model of
>> training users to check the SSL certificate?
>
> Some banks (mos
Andrew Sullivan wrote:
On Fri, Dec 28, 2007 at 07:48:22AM -0800, Trevor Talbot wrote:
I don't follow. What are banks doing on the web now to force clients
to authenticate them, and how is it any different from the model of
training users to check the SSL certificate?
Some banks (mostly
On Fri, Dec 28, 2007 at 07:48:22AM -0800, Trevor Talbot wrote:
> I don't follow. What are banks doing on the web now to force clients
> to authenticate them, and how is it any different from the model of
> training users to check the SSL certificate?
Some banks (mostly Swiss and German, from what
On 12/28/07, Tom Lane <[EMAIL PROTECTED]> wrote:
> "Trevor Talbot" <[EMAIL PROTECTED]> writes:
> > There's a fundamental problem that you can't make someone else do
> > authentication if they don't want to, and that's exactly the situation
> > clients are in. I don't see how this can possibly be f
Peter Eisentraut <[EMAIL PROTECTED]> writes:
> I have been observing a case where the row count estimation for LIKE 'foo' is
> (much) higher than for LIKE 'foo%', the rest of the query being the same.
> This is a special case of the estimation for equality being higher than for a
> range query th
"Trevor Talbot" <[EMAIL PROTECTED]> writes:
> There's a fundamental problem that you can't make someone else do
> authentication if they don't want to, and that's exactly the situation
> clients are in. I don't see how this can possibly be fixed anywhere
> other than the client.
The point of requi
On 12/28/07, Andrew Sullivan <[EMAIL PROTECTED]> wrote:
> On Sat, Dec 29, 2007 at 02:09:23AM +1100, Naz Gassiep wrote:
> > In the web world, it is the client's responsibility to ensure that they
> > check the SSL cert and don't do their banking at
> > www.bankofamerica.hax0r.ru and there is nothin
On Sat, Dec 29, 2007 at 02:09:23AM +1100, Naz Gassiep wrote:
> In the web world, it is the client's responsibility to ensure that they
> check the SSL cert and don't do their banking at
> www.bankofamerica.hax0r.ru and there is nothing that the real banking
> site can do to stop them using their
The problem with forcing authentication is that an auth-unaware client
connecting to a legitimate postmaster would have its connections
refused. That same client would have its connections accepted by an
impostor postmaster. Thus, there is no way to stop impostor postmasters
from carrying out t
On Thu, 27 Dec 2007, Stephen Frost wrote:
Debian also has SELinux, if one wishes to configure it. I suspect other
Debian-derived distributions also have it as a result. It can certainly
be a pain to configure but it's far from impossible
That's a good summary. As of Debian Etch (April of t
I have been observing a case where the row count estimation for LIKE 'foo' is
(much) higher than for LIKE 'foo%', the rest of the query being the same.
This is a special case of the estimation for equality being higher than for a
range query that includes the value used in the equality.
I have
27 matches