Peter Eisentraut <peter_e@gmx.net> writes:
> The fact that the database server is wide-open in the default installation
> is surely not good, but the problem is that we don't have a universally
> accepted way to lock it down. We could make password authentication the
> default, but that would annoy a whole lot of people.
Yes, particularly for pg_dumpall scripts...
> Another option would be to set the unix domain socket permissions to
> 0200 by default, so only the user that's running the server can get
> in. I could live with that; not sure about others.
For my purposes this would be acceptable, but I wouldn't actually want
to use 0200. So it'd be nicer if the default socket permission were
trivially configurable (ideally as a configure switch). Given that,
I wouldn't mind if the default were 0200.
Note that locking down the unix socket is little help if one is using a
startup script that helpfully supplies -i by default. I am not sure
what the score is with all the startup scripts that are in various RPMs
and other platform-specific distributions; does anyone know if there are
any that ship with -i enabled?
regards, tom lane