Re: Re: [PATCHES] PostgreSQL virtual hosting support

Bruce Momjian writes:

> > I think we had some discussions about changing the way that shared
> > memory keys are generated, which might make this a less critical issue.
> > But until something's done about that, this patch looks awfully
> > dangerous.
>
> But do we yank it out for that reason? I don't think so.

Now that I read the author's description of this feature, I'm no longer
sure what it's good for:

You can use this option to put the Unix domain socket in a
directory that is private to one or more users using Unix
directory permissions. This is necessary for securely
creating databases automatically on shared machines. In that
situation, also disallow all TCP/IP connections initially in
<filename>pg_hba.conf</filename>.

You can do that in a more stylish and safer manner by using the
unix_socket_permissions and unix_socket_group options.

I won't argue for removing it, but let's not spread the word too widely
before we fix the issues. :-)

--
Peter Eisentraut peter_e(at)gmx(dot)net http://yi.org/peter-e/