Re: Re: [PATCHES] PostgreSQL virtual hosting support

Bruce Momjian writes:

> > I think we had some discussions about changing the way that shared
> > memory keys are generated, which might make this a less critical issue.
> > But until something's done about that, this patch looks awfully
> > dangerous.
> 
> But do we yank it out for that reason?  I don't think so.

Now that I read the author's description of this feature, I'm no longer
sure what it's good for:
       You can use this option to put the Unix domain socket in a       directory that is private to one or more users
usingUnix       directory permissions.  This is necessary for securely       creating databases automatically on shared
machines. In that       situation, also disallow all TCP/IP connections initially in
<filename>pg_hba.conf</filename>.

You can do that in a more stylish and safer manner by using the
unix_socket_permissions and unix_socket_group options.

I won't argue for removing it, but let's not spread the word too widely
before we fix the issues. :-)

-- 
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/