On Tue, Jun 26, 2001 at 02:00:14PM -0400, Derek Atkins was heard to remark:
> [EMAIL PROTECTED] (Linas Vepstas) writes:
>
> > On Tue, Jun 26, 2001 at 01:26:06PM -0400, Derek Atkins was heard to remark:
> > > Does postgres' internal network functionality include network-level
> > > encryption?
> >
> > The postgres documentation recommends setting up ssh to port-forward=20
> > the postgres port. And if you already know ssh, this seems to=20
> > be rather reasonable, at least to me.
>
> This seems hack-ish to me. :(
>
> I'd much rather see integrated security, at least in the form of
> a network module plug-in. Ah well.
Well, there was a time when I'd agree, but the more I'd think about it
... ssh really does have some pretty powerful VPN capabilities.
What its missing is support from all those firewall auto-config
tools and anti-port-scanner tools and auto-inetd or auto ipportfw
config tools. etc. If it had those it wouldn't seem so 'hackish'
The other way to think of ssh is as a command-line wrapper for SSL.
So instead of integrating SSL in directly (and dealing with all
the mess about agents, key management, etc that each app would
need to provide ) instead you have this unix-command-line-tool
tradition thing.
Adding SSL is easy. Thinking through the implications of how you
manage keys, etc. is hard. You, Mr. PGP, should know ...
--linas
--
Linas Vepstas -- [EMAIL PROTECTED] -- http://www.gnumatic.com/
_______________________________________________
gnucash-devel mailing list
[EMAIL PROTECTED]
http://www.gnumatic.com/cgi-bin/mailman/listinfo/gnucash-devel
