Re: [HACKERS] backend/frontend communication
Brett McCormick <brett@work.chicken.org>
From: Brett McCormick <brett@work.chicken.org>
To: Tom Ivar Helbekkmo <tih+mail@Hamartun.Priv.NO>
Cc: pgsql-hackers@hub.org
Date: 1998-05-28T06:17:40Z
Lists: pgsql-hackers
On , 28 May 1998, at 07:40:37, Tom Ivar Helbekkmo wrote: > > I'm rewriting my SSL for patch so it's a little less messy, [...] > > Does this mean that you're adding a facility for an encrypted data > stream between server and clients? If so, great! Are you adding this > in such a way that other mechanisms than SSL can be facilitated? I'd > like to take a shot at adding Kerberos IV encryption to your model... Once the patch is rewritten, yes, all fe/be communication will take place in two functions, pq_read and pq_write. It'll take a little more to make it completely modularized (once bruce removes the exec() it will make things much better -- as it is the SSL connection must be renegotiated at that point) but I think it is worth the effort. I may go as far as to allow pluggable transport mechanisms and authentication. It's a work in progress. The info page is at http://www.chicken.org/pgsql/ssl/ It details some of the changes I plan to make, as well as a short description of the patch and how I feel about the fe/be communication. However, it is probably poorly written, so I should probably change that. I warn against using it at this point -- libpq is the only interface guarunteed to work, which means no perl interface without some ugly hacking. This will change.