Andrew Sullivan wrote:
> On Sun, Dec 23, 2007 at 09:52:14PM +0100, Magnus Hagander wrote:
>> My point is that all these other server products have the exact same
>> issue. And that they deal with it the exact same we do - pretty much
>> leave it up to the guy who configure the server to realize that's just
>> how things work.
> The problem with that approach is that, in the computer security world,
> taking that approach is increasingly regarded as negligent. And pointing
> out that others are similarly negligent is not a response.
Sure. But we *do* provide a way to work around it *if you have to*: use
SSL with trusted certificates. In the large number of cases where you
*don't* need to worry about it, there's no need to add any extra overhead.
And if you're going with SSL already, the extra overhead of TCP vs Unix
sockets shouldn't matter *at all*... So I don't really see a motivation
for us to support SSL over Unix sockets, if it adds any complexity to
In response to
pgsql-hackers by date
|Next:||From: Magnus Hagander||Date: 2007-12-27 19:40:49|
|Subject: Re: Spoofing as the postmaster|
|Previous:||From: Andrew Dunstan||Date: 2007-12-27 19:23:12|
|Subject: Re: Unworkable column delimiter characters for COPY|