On Sat, 29 Dec 2007 10:38:13 -0500
Andrew Dunstan <andrew@dunslane.net> wrote:
>
>
> D'Arcy J.M. Cain wrote:
> > - 1: How does the client assure that the postmaster is legit
> > - 2: How does the postmaster assure that the client is legit
>
> And neither answers the original problem:
Which seems to have been lost in the noise.
> 3. How can the sysadmin prevent a malicious local user from hijacking
> the sockets if the postmaster isn't running?
A better way of stating it for sure.
> Prevention is much more valuable than ex post detection, IMNSHO.
>
> Probably the first answer is not to run postgres on a machine with
> untrusted users, but that's not always possible. Maybe we can't find a
> simple cross-platform answer, but that doesn't mean we should not look
> at platform-specific answers, at least for documentation.
Yes, that's what I said at the start of this discussion. If you don't
trust the users with actual access to the box, the rest of this is
pretty much academic.
--
D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.