On Fri, Jan 18, 2008 at 11:24:09AM +0100, Peter Eisentraut wrote:
> Am Donnerstag, 17. Januar 2008 schrieb Andrew Dunstan:
> > I agree. I remain of the opinion that this is not a problem than can be
> > solved purely within the bounds of postgres.
>
> Well, the SSL patch I showed certainly solves the problem. (I am not saying
> it is the best possible solution.) Of course there also need to be prudent
> users, but that is the case for any security system.
Not that much more than moving the socket file to a secure directory. Both
rely on configuring the client properly. It's arguably a lot easier to
configure the client to connect to the correct socket, than to make sure
the client has a root certificate installed.
//Magnus