Re: SSL over Unix-domain sockets
| От | Bruce Momjian |
|---|---|
| Тема | Re: SSL over Unix-domain sockets |
| Дата | |
| Msg-id | 200801041737.m04Hbbk25708@momjian.us обсуждение исходный текст |
| Ответ на | Re: SSL over Unix-domain sockets (Peter Eisentraut <peter_e@gmx.net>) |
| Ответы |
Re: SSL over Unix-domain sockets
|
| Список | pgsql-hackers |
Peter Eisentraut wrote: > Am Freitag, 4. Januar 2008 schrieb Bruce Momjian: > > Peter Eisentraut wrote: > > > Using the attached patch, SSL will act over Unix-domain sockets. AFAICT, > > > this just works. I didn't find a way to sniff a Unix-domain socket, > > > however. > > > > > > How should we proceed with this? > > > > I am confused by the shortness of this patch. Right now pg_hba.conf > > has: > > > > # host DATABASE USER CIDR-ADDRESS METHOD [OPTION] > > # hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTION] > > # hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTION] > > > > These are all for TCP connections. How do we handle 'local' SSL > > connection specification? Do we want to provide similar functionality > > for local connections? > > Yes, we might want to add that as well. That and some documentation updates > would probably cover everything. OK. Right now the documentation about spoofing says to use directory permissions for the socket, and that works. I am thinking this is something for 8.4. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://postgres.enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
В списке pgsql-hackers по дате отправления: