Re: Spoofing as the postmaster
| От | Peter Eisentraut |
|---|---|
| Тема | Re: Spoofing as the postmaster |
| Дата | |
| Msg-id | 200712230941.04594.peter_e@gmx.net обсуждение исходный текст |
| Ответ на | Re: Spoofing as the postmaster (Bruce Momjian <bruce@momjian.us>) |
| Ответы |
Re: Spoofing as the postmaster
|
| Список | pgsql-hackers |
Bruce Momjian wrote: > Bruce Momjian wrote: > > I think at a minimum we need to add documentation that states if you > > don't trust the local users on the postmaster server you should: > > > > o create unix domain socket files in a non-world-writable > > directory > > o require SSL server certificates for TCP connections > > I have written documentation for this item: > > http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING > > Comments? What you actually need on the client side is ~/.postgresql/root.crt, not ~/.postgresql/postgresql.crt as you wrote. -- Peter Eisentraut http://developer.postgresql.org/~petere/
В списке pgsql-hackers по дате отправления: