Re: [HACKERS] SSL over Unix-domain sockets
| От | Andrew Dunstan |
|---|---|
| Тема | Re: [HACKERS] SSL over Unix-domain sockets |
| Дата | |
| Msg-id | 478F83EE.3090904@dunslane.net обсуждение исходный текст |
| Ответ на | Re: [HACKERS] SSL over Unix-domain sockets (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: [HACKERS] SSL over Unix-domain sockets
Re: [HACKERS] SSL over Unix-domain sockets |
| Список | pgsql-patches |
Tom Lane wrote: > Bruce Momjian <bruce@momjian.us> writes: > >> Peter Eisentraut wrote: >> >>> How does that prevent spoofing? >>> > > >> It creates a lock file that is the same name as the socket file that a >> default-configured client would use, so it prevents a spoofed socket >> from being created. >> > > Only if the attacker didn't get there first. I think this idea is > nothing but a crude kluge anyway... > > I agree. I remain of the opinion that this is not a problem than can be solved purely within the bounds of postgres. cheers andrew
В списке pgsql-patches по дате отправления: