Re: Spoofing as the postmaster
| От | Bruce Momjian |
|---|---|
| Тема | Re: Spoofing as the postmaster |
| Дата | |
| Msg-id | 200712231303.lBND31223521@momjian.us обсуждение исходный текст |
| Ответ на | Re: Spoofing as the postmaster (Peter Eisentraut <peter_e@gmx.net>) |
| Список | pgsql-hackers |
Peter Eisentraut wrote: > Bruce Momjian wrote: > > Bruce Momjian wrote: > > > I think at a minimum we need to add documentation that states if you > > > don't trust the local users on the postmaster server you should: > > > > > > o create unix domain socket files in a non-world-writable > > > directory > > > o require SSL server certificates for TCP connections > > > > I have written documentation for this item: > > > > http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING > > > > Comments? > > What you actually need on the client side is ~/.postgresql/root.crt, not > ~/.postgresql/postgresql.crt as you wrote. Thanks, updated: http://momjian.us/tmp/pgsql/preventing-server-spoofing.html (I mentioned the file name specificly so people like me wouldn't get confused.) :-) -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://postgres.enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
В списке pgsql-hackers по дате отправления: