Re: Spoofing as the postmaster

Bruce Momjian wrote:
> I think at a minimum we need to add documentation that states if you
> don't trust the local users on the postmaster server you should:
> 
>     o  create unix domain socket files in a non-world-writable
>        directory
>     o  require SSL server certificates for TCP connections

I have written documentation for this item:
http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING

Comments?

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://postgres.enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +