Greetings,
* Kyle Bateman (k...@batemans.org) wrote:
> What I hope to accomplish is: Establish a secure, encrypted connection to
> Postgresql from a trusted process, possibly running on another machine, whom
> I trust to tell me which user (within a limited set, defined by a role) it
> would like
Kyle Bateman writes:
> On 10/11/19 1:05 PM, Tom Lane wrote:
>> I agree with Andrew that that's just silly. If you give all your users
>> the same cert then any of them can masquerade as any other. You might
>> as well just tell them to share the same login id.
> In my implementation, I'm not gi
On 10/11/19 1:05 PM, Tom Lane wrote:
Kyle Bateman writes:
On 10/11/19 12:12 PM, Andrew Dunstan wrote:
I think the short answer is: No. The client certificate should match the
username and nothing else. If you don't want to generate certificates
for all your users I suggest using some other for
Kyle Bateman writes:
> On 10/11/19 12:12 PM, Andrew Dunstan wrote:
>> I think the short answer is: No. The client certificate should match the
>> username and nothing else. If you don't want to generate certificates
>> for all your users I suggest using some other form of auth (e.g.
>> scram-sha-2
On 10/11/19 12:12 PM, Andrew Dunstan wrote:
On 10/11/19 1:58 PM, Kyle Bateman wrote:
I have some JS middleware that needs to securely connect to the
postgresql back end. Any number of different users may connect via
websocket to this middleware to manage their connection to the
database. I wan
On 10/11/19 1:58 PM, Kyle Bateman wrote:
> I have some JS middleware that needs to securely connect to the
> postgresql back end. Any number of different users may connect via
> websocket to this middleware to manage their connection to the
> database. I want the JS process to have a client cer
