On May 2, 2007, at 3:11 AM, Magnus Hagander wrote:
As to the question of GSSAPI vs SSL, I would never argue we don't
want both.
Part of what made the GSSAPI encryption mods difficult was my intent
to insert them "above" the SSL encryption/buffering layer. That way
you could double-encrypt the channel. Since GSSAPI and SSL are
(probably, not necessarily) referenced to completely different ID
infrastructure there are scenarios where that's beneficial.
We might want to consider restructuring how SSL works when we do, that
might make it easier. The way it is now with #ifdefs all around can
lead to
a horrible mess if there are too many different things to choose from.
Something like "transport filters" or whatever might be a way to do
it. I
recall having looked at that at some point, but it was too long ago to
remember any details..
//Magnus
If someone wants to make it easier, that would be nice, I'm not up
for it, I don't think.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[EMAIL PROTECTED], or [EMAIL PROTECTED]
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
