Postgresql SSL Connection

Everything else that doesn't fall into one of the other PB categories.
User avatar
digital32
User
User
Posts: 23
Joined: Fri Dec 28, 2012 1:28 am

Postgresql SSL Connection

Post by digital32 »

I'm using PureBasic 5.44 and talking to a Postgresql database. I'm getting an error "no pg_hba.conf entry for host "172.1xx.xx.x", user "reports", database "portal", SSL off”

If I modify the pg_HBA.conf file it will let me in. But this may be a violation of security in my company.

PGAdmin 4 works fine because it can do SLL encryption.

Has this been resolved in newer versions of PureBasic?

Note: Turning SSL off for my connection may not be an option.
Thorium
Addict
Addict
Posts: 1271
Joined: Sat Aug 15, 2009 6:59 pm

Re: Postgresql SSL Connection

Post by Thorium »

digital32 wrote:I'm using PureBasic 5.44 and talking to a Postgresql database. I'm getting an error "no pg_hba.conf entry for host "172.1xx.xx.x", user "reports", database "portal", SSL off”

If I modify the pg_HBA.conf file it will let me in. But this may be a violation of security in my company.

PGAdmin 4 works fine because it can do SLL encryption.

Has this been resolved in newer versions of PureBasic?

Note: Turning SSL off for my connection may not be an option.
I don't think is SSL was been added to any of PureBasics functions. Same for HTTPS.
I guess for databases it's not a big issue because most people run the database only on the local host and do not let it communicate over the network. So all communication to and from the database never leaves the host machine.
User avatar
spikey
Enthusiast
Enthusiast
Posts: 581
Joined: Wed Sep 22, 2010 1:17 pm
Location: United Kingdom

Re: Postgresql SSL Connection

Post by spikey »

Thorium wrote:I guess for databases it's not a big issue because most people run the database only on the local host and do not let it communicate over the network. So all communication to and from the database never leaves the host machine.
I'd disagree with this. In my experience most databases are remote to the client machines in a server room somewhere and almost all communication is done over a network. If you can hack any of the devices on the LAN (up to and including the server) you could install a packet sniffer to capture any useful data which might allow a direct attack on the database to hack it.

In these modern days of mobile apps I can only see this issue getting more significant.
User avatar
skywalk
Addict
Addict
Posts: 3972
Joined: Wed Dec 23, 2009 10:14 pm
Location: Boston, MA

Re: Postgresql SSL Connection

Post by skywalk »

Thorium wrote:I guess for databases it's not a big issue because most people run the database only on the local host and do not let it communicate over the network. So all communication to and from the database never leaves the host machine.
Methinks Thorium was being sarcastic? :?
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Thorium
Addict
Addict
Posts: 1271
Joined: Sat Aug 15, 2009 6:59 pm

Re: Postgresql SSL Connection

Post by Thorium »

skywalk wrote:
Thorium wrote:I guess for databases it's not a big issue because most people run the database only on the local host and do not let it communicate over the network. So all communication to and from the database never leaves the host machine.
Methinks Thorium was being sarcastic? :?
Not really. It's even mentioned in the config of postgre that it is recommended to keep it bound to the local host only. A remote connection, even via SSL, is a security problem on it's own.

I understand the need for secure remote access and i know that there are uses. However most application i know of don't connect from the client to the database, but from the client to the server software and the server software will connect to the database. So the server software can handle access rights, etc.
I don't say all software does it this way but it's very common and probably the reason why SSL wasn't requested a lot and is still not supported by PB.
User avatar
skywalk
Addict
Addict
Posts: 3972
Joined: Wed Dec 23, 2009 10:14 pm
Location: Boston, MA

Re: Postgresql SSL Connection

Post by skywalk »

Yes, I see your point. I never polled the database accesses I encounter. Fossil is a cgi based SQLite database with SSL access in the exe in front of the database. Which is another Client/Server case. But, within a trusted domain, you could run queries or administration utilities against non-local databases and still come across SSL or some other Username/Password hurdle.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Post Reply