Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] SSL over Unix-domain sockets

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>, Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Date: 2008-01-17 16:31:40
Message-ID: 9905.1200587500@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Bruce Momjian <bruce(at)momjian(dot)us> writes:
> Peter Eisentraut wrote:
>> How does that prevent spoofing?

> It creates a lock file that is the same name as the socket file that a
> default-configured client would use, so it prevents a spoofed socket
> from being created.

Only if the attacker didn't get there first.  I think this idea is
nothing but a crude kluge anyway...

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2008-01-17 16:35:58
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Previous:From: Pavel StehuleDate: 2008-01-17 16:21:55
Subject: Re: proposal for 8.4: PL/pgSQL - statement CASE

pgsql-patches by date

Next:From: Andrew DunstanDate: 2008-01-17 16:35:58
Subject: Re: [HACKERS] SSL over Unix-domain sockets
Previous:From: Bruce MomjianDate: 2008-01-17 16:10:47
Subject: Re: [HACKERS] SSL over Unix-domain sockets

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group