Makes sense. Is this something that should be implemented in postgresql, or via 

Am 19. Juli 2016 16:00:05 MESZ, schrieb Magnus Hagander <>:
>On Sun, Jul 17, 2016 at 10:07 PM, Christoph Berg <>
>> Re: Peter Eisentraut 2016-07-17 <
>> > On 7/15/16 3:07 PM, Andrew Dunstan wrote:
>> > > Do those packagers who install dummy certificates and turn SSL on
>> > > change their pg_hba.conf.sample files to use hostssl?. That could
>go a
>> > > long way towards encouraging people.
>> >
>> > Debian, which I guess sort of started this, does not, but there are
>> > allusions to it in the TODO list.
>> I guess we should actually do that if we had any non-local(host)
>> entries in there by default, but we don't touch the default
>> pg_hba.conf from pg_createcluster.
>What could actually be useful there is to explicitly put hostnossl on
>localhost entries. With the current defaults on the clients, that
>break anything, and it would leave people without the performance
>that you run into in the default deployments. And for localhost it
>does't make sense to encrypt -- for the local LAN segment that can be
>argued, but for localhost...
> Magnus Hagander
> Me:
> Work:

Reply via email to