Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] SSL over Unix-domain sockets

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Date: 2008-01-18 10:22:41
Message-ID: 200801181122.42173.peter_e@gmx.net (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Am Donnerstag, 17. Januar 2008 schrieb Bruce Momjian:
> It creates a lock file that is the same name as the socket file that a
> default-configured client would use, so it prevents a spoofed socket
> from being created.

A counter-spoofing solution must be implemented in the client.  No moving 
around of files by the server will ever solve the problem.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

In response to

pgsql-hackers by date

Next:From: Peter EisentrautDate: 2008-01-18 10:24:09
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Previous:From: Dave PageDate: 2008-01-18 09:17:13
Subject: Re: Simple thing to make pg_autovacuum more useful

pgsql-patches by date

Next:From: Peter EisentrautDate: 2008-01-18 10:24:09
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Previous:From: Greg SmithDate: 2008-01-18 08:37:00
Subject: Re: [HACKERS] SSL over Unix-domain sockets

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group