Re: [HACKERS] SSL over Unix-domain sockets
From | Bruce Momjian |
---|---|
Subject | Re: [HACKERS] SSL over Unix-domain sockets |
Date | |
Msg-id | 200801180224.m0I2OQh25950@momjian.us |
In response to | Re: [HACKERS] SSL over Unix-domain sockets (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-patches |

Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > I am confused because you say "dangling" then you say "to the real
> > socket". You are saying it isn't dangling when the server is running?
>
> Exactly. When the server is running it provides a perfectly good path
> to the postmaster. The point (and the main difference from your PIDfile
> proposal) is that it's supposed to be there all the time, even when the
> postmaster isn't running. This is what provides protection against the
> spoofer getting there first.

OK, got it.

> > If you are going to require the admin to modify the tmp cleanup script,
> > the admin might as well create the symlink at the same time and have it
> > recreate on boot.
>
> No, that's not the same, because it doesn't provide protection against
> the symlink getting deleted later on.

Right, so you have to modify the tmp cleaner and create the symlink, right?

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +