Tomasz Ostrowski wrote:
> > Fundamentally these are man-in-the-middle attacks, and the only real
> > solution is mutual authentication.
>
> The problem is not many people expect man-in-the-middle attack on
> secure lan, localhost or local socket connection, so they'll not try
> to prevent it.
Agreed. This was the big surprise for me, and hence the new
documentation section I wrote.
I think based on this discussion that there is no way for us easily to
to avoid vulnerabilities so documentation/education seems the most
appropriate approach.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://postgres.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +