Bruce Momjian wrote:
> Bruce Momjian wrote:
> > I think at a minimum we need to add documentation that states if you
> > don't trust the local users on the postmaster server you should:
> >
> > o create unix domain socket files in a non-world-writable
> > directory
> > o require SSL server certificates for TCP connections
>
> I have written documentation for this item:
>
> http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
>
> Comments?
What you actually need on the client side is ~/.postgresql/root.crt, not
~/.postgresql/postgresql.crt as you wrote.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/