Am Montag, 14. Januar 2008 schrieb Tom Lane:
> If we do want to apply Peter's patch, I think it needs to be extended so
> that the default behavior on sockets is the same as before, ie, no SSL.
> This could be done by giving libpq an additional connection parameter,
> say "socketsslmode", having the same alternatives as sslmode but
> defaulting to "allow" instead of "prefer".
I suggest we don't do anything for 8.3, and return to investigate the full
range of options for 8.4. Those might include adding SSL support for local
sockets but disabled by default, using SO_PEERCRED to check the server
identity, and more fine-grained control over (multiple?) local socket
placement.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/