Re: Spoofing as the postmaster

On Sat, 22 Dec 2007 09:25:05 -0500 (EST)
Bruce Momjian <bruce@momjian.us> wrote:
> I think at a minimum we need to add documentation that states if you
> don't trust the local users on the postmaster server you should:
> 
>     o  create unix domain socket files in a non-world-writable
>        directory
>     o  require SSL server certificates for TCP connections
> 
> Ideas?  

It's generally a bad idea to put your database on a public server
anyway but if you do you should definitely disable unix domain sockets
and connect over TCP to localhost.  That has been our rule for years.

It's certainly a corner case.  I would think that warnings, perhaps in
the config file itself, would be sufficient.

-- 
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.