Re: [HACKERS] SSL over Unix-domain sockets

On Fri, Jan 18, 2008 at 11:24:09AM +0100, Peter Eisentraut wrote:
> Am Donnerstag, 17. Januar 2008 schrieb Andrew Dunstan:
> > I agree. I remain of the opinion that this is not a problem than can be
> > solved purely within the bounds of postgres.
>
> Well, the SSL patch I showed certainly solves the problem.  (I am not saying
> it is the best possible solution.)  Of course there also need to be prudent
> users, but that is the case for any security system.

Not that much more than moving the socket file to a secure directory. Both
rely on configuring the client properly. It's arguably a lot easier to
configure the client to connect to the correct socket, than to make sure
the client has a root certificate installed.

//Magnus