Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] SSL over Unix-domain sockets

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Date: 2008-01-17 16:10:47
Message-ID: 200801171610.m0HGAlZ25049@momjian.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Peter Eisentraut wrote:
> Bruce Momjian wrote:
> > I have written the following documentation addition suggesting the use
> > of external_pid_file.
> 
> How does that prevent spoofing?

It creates a lock file that is the same name as the socket file that a
default-configured client would use, so it prevents a spoofed socket
from being created.

-- 
  Bruce Momjian  <bruce(at)momjian(dot)us>        http://momjian.us
  EnterpriseDB                             http://postgres.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

In response to

Responses

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2008-01-17 16:11:42
Subject: Re: proposal for 8.4: PL/pgSQL - statement CASE
Previous:From: Joshua D. DrakeDate: 2008-01-17 16:06:12
Subject: Re: proposal for 8.4: PL/pgSQL - statement CASE

pgsql-patches by date

Next:From: Tom LaneDate: 2008-01-17 16:31:40
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Previous:From: Stephen FrostDate: 2008-01-17 14:37:29
Subject: Re: [ADMIN] postgresql in FreeBSD jails: proposal

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group