Re: SSL over Unix-domain sockets

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SSL over Unix-domain sockets
Date: 2009-03-27 22:42:28
Message-ID: 200903272242.n2RMgSf10115@momjian.us
Lists: pgsql-hackers

Peter Eisentraut wrote:
> Bruce Momjian wrote:
> > Peter Eisentraut wrote:
> >> Bruce Momjian wrote:
> >>> I thought the logical solution to this was to place the socket in a
> >>> secure directory and not bother with SSL at all.
> >> How would a client algorithmically determine whether the server socket
> >> was in a "secure" directory?
> >
> > You have to configure your client to know that, but don't you need to
> > configure your client for SSL too?
>
> Yes, but how exactly would a client know? How is a "secure directory"
> defined, in terms of C library calls, say?

I assume directory permissions controlling access to the socket file
would be enough. You are going to have to set up SSL certificates
anyway for this so isn't that just as hard as telling the client where
the socket file is located?

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +
