Am Montag, 22. Juni 2009 16:38:32 schrieben Sie: > Tom Lane wrote: > > Magnus Hagander <mag...@hagander.net> writes: > >> A question from that then, for others, is it Ok to add a field to the > >> PGconn structure during RC? :-) It's only in libpq-int.h, but? Comments? > > > > Changing PGconn internals doesn't bother me, but ... > > > > IIUC this is a pre-existing bug/limitation in an extremely seldom-used > > feature that we don't have any very good way to test. So I'm not really > > excited about trying to fix it in RC at all. The chances of breaking > > something seem much higher than the usefulness of the fix would warrant. > > > > I'd suggest holding the matter until 8.5 development opens. > > I think we'll see this feature used a lot more now, since we support > client certificate authentication. I bet that's the reason why Lars is > using it now, but wasn't using it before. Correct, Lars? That's right. Because clientside crypto engines and proper certificate authentication is supported now, I would like to use a strong smartcard-based login in our high security environment.
> That would be the argument for doing it now. We previously supported > engines for client certificates, but using client certificates at all > wasn't very useful in pre-8.4, and that's why it wasn't used almost at > all. While I don't expect a huge number of users of it in 8.4, I think > it is a *much* more useful feature now, and thus will be used a lot more. I could live with the patch during 8.4 cycle. But if we support crypto engines now, we may do it the way that it really works. regards Lars
signature.asc
Description: This is a digitally signed message part.
