Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-22 15:04:19
Message-ID: 20071222100419.721d9827.darcy@druid.net (view raw or flat)
Thread:
Lists: pgsql-hackers
On Sat, 22 Dec 2007 09:25:05 -0500 (EST)
Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> I think at a minimum we need to add documentation that states if you
> don't trust the local users on the postmaster server you should:
> 
> 	o  create unix domain socket files in a non-world-writable
> 	   directory
> 	o  require SSL server certificates for TCP connections
> 
> Ideas?  

It's generally a bad idea to put your database on a public server
anyway but if you do you should definitely disable unix domain sockets
and connect over TCP to localhost.  That has been our rule for years.

It's certainly a corner case.  I would think that warnings, perhaps in
the config file itself, would be sufficient.

-- 
D'Arcy J.M. Cain <darcy(at)druid(dot)net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.

In response to

Responses

pgsql-hackers by date

Next:From: Peter EisentrautDate: 2007-12-22 15:44:16
Subject: Re: Spoofing as the postmaster
Previous:From: Andrew ChernowDate: 2007-12-22 14:40:15
Subject: Re: timetz range check issue

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group