Re: SSL over Unix-domain sockets

From Martijn van Oosterhout
Subject Re: SSL over Unix-domain sockets
Date
Msg-id 20080115142352.GA7865@svana.org
In response to Re: SSL over Unix-domain sockets  (Bruce Momjian <bruce@momjian.us>)
Responses Re: SSL over Unix-domain sockets  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On Mon, Jan 14, 2008 at 10:24:06PM -0500, Bruce Momjian wrote:
> Yea, I figured using protected directories for the socket was the
> zero-cost solution, and if you have to do SSL, might as well just use
> TCP too.  (If you moved the socket file to a protected directory I think
> you could use external_pid_file='/tmp/.s.PGSQL.5432' to prevent a spoof
> socket file in /tmp.  Should we document that idea?)

Just for reference: who is it we're worried will check the old
location? Any client using libpq will use the protected directory
built into that. And JDBC is using TCP anyway because it doesn't
support Unix domain. Which seems like a very small minority of possible
clients.

Unless people are specifying (unnecessarily) /tmp directly in the
connection string? Is that common? Perhaps we should discourage that.

BTW, setting up a normal file in /tmp instead of a socket is OK; sockets
are connected to, not opened. Trying to open it normally produces the
error: No such device or address.

Have a nice day,
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> Those who make peaceful revolution impossible will make violent revolution inevitable.
>  -- John F Kennedy
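
The connect-versus-open distinction mentioned in the message above, as an added example that is not part of the original post or of PostgreSQL: it places a plain file and a real listening socket in a private scratch directory and records the errno each access method returns. The directory name, file names and helper functions are constructed for illustration, and the errno values noted are the Linux ones.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* errno from connect()ing an AF_UNIX stream socket to path; 0 on success */
static int connect_errno(const char *path) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd = socket(AF_UNIX, SOCK_STREAM, 0), err = 0;
    if (fd < 0) return errno;
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) err = errno;
    close(fd);
    return err;
}

/* errno from open()ing path like an ordinary file; 0 on success */
static int open_errno(const char *path) {
    int fd = open(path, O_RDONLY), err = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    return err;
}

/* Fill out[] with: connect to plain file, open socket file, connect to socket. */
static int probe(int out[3]) {
    char dir[] = "/tmp/sockdemo.XXXXXX", plain[128], sock[128];
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    if (!mkdtemp(dir)) return -1;                 /* private 0700 scratch dir */
    snprintf(plain, sizeof plain, "%s/.s.PGSQL.5432", dir);  /* constructed name */
    snprintf(sock, sizeof sock, "%s/real.sock", dir);        /* constructed name */
    int f = open(plain, O_CREAT | O_WRONLY, 0600), l = socket(AF_UNIX, SOCK_STREAM, 0);
    strncpy(sa.sun_path, sock, sizeof sa.sun_path - 1);
    if (f < 0 || l < 0 || bind(l, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(l, 1) < 0) return -1;
    out[0] = connect_errno(plain);  /* plain file sitting at a socket path */
    out[1] = open_errno(sock);      /* socket file opened like a regular file */
    out[2] = connect_errno(sock);   /* control: a real listening socket */
    close(f); close(l); unlink(plain); unlink(sock); rmdir(dir);
    return 0;
}
int main(void) {
    int r[3]; const char *what[] = { "connect(plain file)", "open(socket file)", "connect(socket)" };
    if (probe(r) != 0) return 1;
    for (int i = 0; i < 3; i++) printf("%-20s: %s\n", what[i], r[i] ? strerror(r[i]) : "ok");
    return 0;
}
```

On Linux the plain file refuses the connection, so a client cannot mistake it for a listening server, and open() on the socket file fails with ENXIO, whose message is "No such device or address".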
