Re: Re: [PATCHES] PostgreSQL virtual hosting support
От | Peter Eisentraut |
---|---|
Тема | Re: Re: [PATCHES] PostgreSQL virtual hosting support |
Дата | |
Msg-id | Pine.LNX.4.21.0011141859150.1116-100000@peter.localdomain обсуждение исходный текст |
Ответ на | Re: Re: [PATCHES] PostgreSQL virtual hosting support (Bruce Momjian <pgman@candle.pha.pa.us>) |
Список | pgsql-hackers |
Bruce Momjian writes: > > I think we had some discussions about changing the way that shared > > memory keys are generated, which might make this a less critical issue. > > But until something's done about that, this patch looks awfully > > dangerous. > > But do we yank it out for that reason? I don't think so. Now that I read the author's description of this feature, I'm no longer sure what it's good for: You can use this option to put the Unix domain socket in a directory that is private to one or more users usingUnix directory permissions. This is necessary for securely creating databases automatically on shared machines. In that situation, also disallow all TCP/IP connections initially in <filename>pg_hba.conf</filename>. You can do that in a more stylish and safer manner by using the unix_socket_permissions and unix_socket_group options. I won't argue for removing it, but let's not spread the word too widely before we fix the issues. :-) -- Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
В списке pgsql-hackers по дате отправления: