Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 08:41:03
Message-ID: (view raw or whole thread)
Lists: pgsql-hackers
Bruce Momjian wrote:
> Bruce Momjian wrote:
> > I think at a minimum we need to add documentation that states if you
> > don't trust the local users on the postmaster server you should:
> >
> > 	o  create unix domain socket files in a non-world-writable
> > 	   directory
> > 	o  require SSL server certificates for TCP connections
> I have written documentation for this item:
> Comments?

What you actually need on the client side is ~/.postgresql/root.crt, not 
~/.postgresql/postgresql.crt as you wrote.

Peter Eisentraut

In response to


pgsql-hackers by date

Next:From: Magnus HaganderDate: 2007-12-23 10:30:04
Subject: Re: Spoofing as the postmaster
Previous:From: Gregory StarkDate: 2007-12-23 07:57:07
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2015 The PostgreSQL Global Development Group