Re: SSL over Unix-domain sockets

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Bruce Momjian <bruce(at)momjian(dot)us>
Subject: Re: SSL over Unix-domain sockets
Date: 2009-03-31 20:33:26
Message-ID: 200903312333.27548.peter_e@gmx.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Saturday 28 March 2009 00:42:28 Bruce Momjian wrote:
> I assume directory permissions controlling access to the socket file
> would be enough. You are going to have to set up SSL certificates
> anyway for this so isn't that just as hard as telling the client where
> the socket file is located?

The permissions on the socket file or the containing directory doesn't tell
much by itself, because you also need to consider who owns it. What that
basically comes down to is that the client would need to specify something
like, "I only want a connection to a server owned by 'postgres'." But the
client currently has no way of saying that, so we'd need to invent something
new.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2009-03-31 20:45:11 Re: More message encoding woes
Previous Message Alvaro Herrera 2009-03-31 20:06:28 Re: More message encoding woes