Re: [HACKERS] SSL over Unix-domain sockets

Поиск
Список
Период
Сортировка
От Andrew Dunstan
Тема Re: [HACKERS] SSL over Unix-domain sockets
Дата
Msg-id 478F83EE.3090904@dunslane.net
обсуждение исходный текст
Ответ на Re: [HACKERS] SSL over Unix-domain sockets  (Tom Lane <tgl@sss.pgh.pa.us>)
Ответы Re: [HACKERS] SSL over Unix-domain sockets  (Alvaro Herrera <alvherre@commandprompt.com>)
Re: [HACKERS] SSL over Unix-domain sockets  (Peter Eisentraut <peter_e@gmx.net>)
Список pgsql-patches
Дерево обсуждения 

Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
>
>> Peter Eisentraut wrote:
>>
>>> How does that prevent spoofing?
>>>
>
>
>> It creates a lock file that is the same name as the socket file that a
>> default-configured client would use, so it prevents a spoofed socket
>> from being created.
>>
>
> Only if the attacker didn't get there first.  I think this idea is
> nothing but a crude kluge anyway...
>
>

I agree. I remain of the opinion that this is not a problem than can be
solved purely within the bounds of postgres.

cheers

andrew

В списке pgsql-patches по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: [HACKERS] SSL over Unix-domain sockets
Следующее
От: Simon Riggs
Дата:
Сообщение: Doc patch for Bug 3877