|
51 | 51 | | Yes
|
52 | 52 | |
|
53 | 53 | Fail with unknown
|
| 54 | + |
| 55 | +Comments from Bear Giles: |
| 56 | + |
| 57 | +On a related note, I had mentioned this before but it's a subtle point |
| 58 | +and I'm sure that it's slipped everyone's mind... |
| 59 | + |
| 60 | + - if you need to have confidence in the identity of the database |
| 61 | +server, e.g., you're storing sensitive information and you absolutely |
| 62 | +must prevent any "man in the middle" attacks, use the SSL code I |
| 63 | +provided with server-side certs. To many users, the key issue is not |
| 64 | +whether the data is encrypted, it's whether the other party can be |
| 65 | +trusted to be who they claim to be. |
| 66 | + |
| 67 | +- if you just need confidentiality, but you don't need to verify the |
| 68 | +identity of the database server (e.g., because you trust the IP address, |
| 69 | +but worry about packet sniffers), SSH tunnels are much easier to set up |
| 70 | +and maintain than the embedded SSL code. You can set up the database |
| 71 | +server so it doesn't require a certificate (hell, you can hard code a |
| 72 | +fallback certificate into the server!), *but that violates the common |
| 73 | +practice of SSL-enabled servers.* I cannot overemphasize this - every |
| 74 | +other SSL-enabled server requires a certificate, and most provide |
| 75 | +installation scripts to create a "snake oil" temporary certificate. I |
| 76 | +can't think of any server (apache+mod_ssl, courier-imap, postfix(+tls), |
| 77 | +etc.) that uses anonymous servers. |
| 78 | + |
| 79 | +- if you don't need confidentiality, e.g., you're on a trusted network |
| 80 | +segment, then use direct access to the server port. |
| 81 | + |
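Review bot: The second bullet (new lines 67-77) runs two separate points together: the recommendation to use SSH tunnels when only confidentiality is needed, and the argument that running the server without a certificate "violates the common practice of SSL-enabled servers." Splitting these would make it clear that the certificate remark is about the embedded SSL code and not about SSH tunnels. On line 77, "anonymous servers" is not defined anywhere in the hunk; wording such as "servers that run SSL without a certificate" would match the sentence before it. The first-person references on lines 62-63 ("the SSL code I provided") have no referent once this text sits in the file, so consider naming the feature or patch instead. Minor: the first list item on line 60 is indented by one space (" - if") while the other two start at "- if".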