Re: Spoofing as the postmaster

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org>
Cc: Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 02:25:03
Message-ID: 200712230225.lBN2P3d09643@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Bruce Momjian wrote:
> I think at a minimum we need to add documentation that states if you
> don't trust the local users on the postmaster server you should:
>
> o create unix domain socket files in a non-world-writable
> directory
> o require SSL server certificates for TCP connections

I have written documentation for this item:

http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING

Comments?

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Brendan Jurd 2007-12-23 03:04:14 Re: Spoofing as the postmaster
Previous Message Bruce Momjian 2007-12-23 02:10:38 Re: Spoofing as the postmaster