Re: pg_upgrade using appname to lock out other users

Peter Eisentraut <peter_e@gmx.net> writes:
> On ons, 2011-06-15 at 17:50 -0400, Tom Lane wrote:
>> Bruce Momjian <bruce@momjian.us> writes:
>>> Peter Eisentraut wrote:
>>>> On non-Windows servers you could get this even safer by disabling the
>>>> TCP/IP socket altogether, and placing the Unix-domain socket in a
>>>> private temporary directory.  The "port" wouldn't actually matter then.

>>> Yes, it would be nice to just create the socket in the current
>>> directory.  The fact it doesn't work on Windows would cause our docs to
>>> have to differ for Windows, which seems unfortunate.

>> It still wouldn't be bulletproof against someone running as the postgres
>> user, so probably not worth the trouble.

> But the postgres user would normally be the DBA itself, so it'd be his
> own fault.  I don't see how you can easily make any process safe from
> interference by the same user account.

Well, the point here is that it's not bulletproof, it's just making it
incrementally harder to connect accidentally.  Given that Windows
wouldn't be covered, I don't see that it's worth the trouble compared to
just switching to a nondefault port number.  (Am I wrong to think that
Windows users are more likely to mess up here?)
        regards, tom lane