Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org>
Cc: Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 02:25:03
Message-ID: 200712230225.lBN2P3d09643@momjian.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Bruce Momjian wrote:
> I think at a minimum we need to add documentation that states if you
> don't trust the local users on the postmaster server you should:
> 
> 	o  create unix domain socket files in a non-world-writable
> 	   directory
> 	o  require SSL server certificates for TCP connections

I have written documentation for this item:

	http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING

Comments?

-- 
  Bruce Momjian  <bruce(at)momjian(dot)us>        http://momjian.us
  EnterpriseDB                             http://postgres.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

In response to

Responses

pgsql-hackers by date

Next:From: Brendan JurdDate: 2007-12-23 03:04:14
Subject: Re: Spoofing as the postmaster
Previous:From: Bruce MomjianDate: 2007-12-23 02:10:38
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group