Re: pg_upgrade improvements

Andres Freund <andres@anarazel.de> writes:
>> The point is to avoid the risk that someone else could connect to the
>> database at the same time you're doing work on it.

> I got that. I just fail to see what the advantage of using two pipes instead 
> of one socket as every other plain connection would be?

Yeah, that would be a small pain in the neck, but it eliminates a huge
pile of practical difficulties, like your blithe assumption that you can
find a "private directory" somewhere (wrong) or disallow access to other
people (also wrong, if they are using the same account as you).

The short answer is that sockets and named pipes are *meant* to be
publicly accessible.  Guaranteeing that they are not is a difficult
task full of possibilities for security holes.
        regards, tom lane