Re: SSL over Unix-domain sockets
| From | Kevin Grittner |
|---|---|
| Subject | Re: SSL over Unix-domain sockets |
| Date | |
| Msg-id | 478C91CC.EE98.0025.0@wicourts.gov |
| In response to | Re: SSL over Unix-domain sockets (Tom Lane <tgl@sss.pgh.pa.us>) |
| List | pgsql-hackers |

>>> On Mon, Jan 14, 2008 at 9:33 PM, in message <11967.1200368008@sss.pgh.pa.us>, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Yeah, all of this is about confusion and error-proneness. I still think
> that the real problem is that we don't have full control over
> client-side code, and therefore can't just write off the problem of a
> client deciding to connect to /tmp/.s.PGSQL.5432 even if the local DBA
> thinks the socket would be safer elsewhere.

The local DBA may have sufficient control over client-side code.

There probably are use cases where using a secure directory isn't a
complete solution; but for us, the spoofing in /tmp is a real risk and
using a secure directory solves the problem just fine. Are we sure
there really are users who need the other options?

-Kevin
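
A client-side check for the "secure directory" approach discussed in this message, as an added example that is not code from the thread or from PostgreSQL. It assumes a directory counts as secure when it is owned by a trusted uid and is not writable by group or others; `socket_dir_is_trusted` and `demo` are hypothetical names, and the sockets are constructed in a temporary directory.

```python
import os
import socket
import stat
import tempfile


def socket_dir_is_trusted(sock_path, trusted_uids):
    """Return (ok, reason) for a Unix-domain socket and the directory holding it.

    Assumption of this example: only the immediate parent directory is
    inspected; a stricter check would walk every ancestor up to "/".
    """
    directory = os.path.dirname(os.path.abspath(sock_path))
    dir_st = os.stat(directory)
    if dir_st.st_uid not in trusted_uids:
        return False, f"{directory} is owned by untrusted uid {dir_st.st_uid}"
    # Any other local user who can write here can pre-create a look-alike
    # socket file, which is the spoofing risk with a shared directory like /tmp.
    if dir_st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, f"{directory} is writable by group or others"
    try:
        sock_st = os.lstat(sock_path)  # lstat: do not follow a planted symlink
    except FileNotFoundError:
        return False, f"{sock_path} does not exist"
    if not stat.S_ISSOCK(sock_st.st_mode):
        return False, f"{sock_path} is not a socket"
    if sock_st.st_uid not in trusted_uids:
        return False, f"{sock_path} is owned by untrusted uid {sock_st.st_uid}"
    return True, "ok"


def demo():
    """Bind constructed sockets in a private and a /tmp-like directory."""
    me = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name, mode in (("private", 0o755), ("shared", 0o1777)):
            directory = os.path.join(base, name)
            os.mkdir(directory)
            os.chmod(directory, mode)  # set exact bits regardless of umask
            path = os.path.join(directory, ".s.PGSQL.5432")
            srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            srv.bind(path)
            results[name] = socket_dir_is_trusted(path, {me})
            srv.close()
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: trusted={ok} ({reason})")
```
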