On 7/29/16 11:13 AM, Bruce Momjian wrote:
> Yes, I am thinking of a case where Postgres is down but a malevolent
> user starts a Postgres server on 5432 to gather passwords. Verifying
> against an SSL certificate would avoid this problem, so there is some
> value in using SSL on localhost. (There is no such security available
> for Unix-domain socket connections.)
Sure, there is the requirepeer connection option for that.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services