Commit 1ade285
pgconn: document secure connection configuration
Add a "Connecting Securely" section to the package doc showing a
hardened connection string (sslmode=verify-full, channel_binding=require,
require_auth=scram-sha-256) and explaining what each parameter protects
against.
Also expand the ParseConfig "Important Security Notes" to call out that
servicefile, passfile, sslkey, sslcert, and sslrootcert read files from
the local filesystem, and to point at ParseConfigWithOptions with
ConnStringAllowedKeys for connection strings built from untrusted input.
Documentation only; no functional change.
Co-Authored-By: Jack Christensen <jack@jackchristensen.com>1 parent b4d6d4d commit 1ade285
2 files changed
Lines changed: 35 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
293 | 293 | | |
294 | 294 | | |
295 | 295 | | |
| 296 | + | |
| 297 | + | |
| 298 | + | |
| 299 | + | |
| 300 | + | |
| 301 | + | |
| 302 | + | |
| 303 | + | |
| 304 | + | |
296 | 305 | | |
297 | 306 | | |
298 | 307 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
11 | 37 | | |
12 | 38 | | |
13 | 39 | | |
| |||
0 commit comments