Index: doc/src/sgml/runtime.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v
retrieving revision 1.403
diff -c -c -r1.403 runtime.sgml
*** doc/src/sgml/runtime.sgml	24 Jan 2008 06:23:32 -0000	1.403
--- doc/src/sgml/runtime.sgml	31 Jan 2008 17:21:57 -0000
***************
*** 1397,1403 ****
     connections is to use a Unix domain socket directory (<xref
     linkend="guc-unix-socket-directory">) that has write permission only
     for a trusted local user.  This prevents a malicious user from creating
!    their own socket file in that directory.  For TCP connections the server
     must accept only <literal>hostssl</> connections (<xref
     linkend="auth-pg-hba-conf">) and have SSL
     <filename>server.key</filename> (key) and
--- 1397,1412 ----
     connections is to use a Unix domain socket directory (<xref
     linkend="guc-unix-socket-directory">) that has write permission only
     for a trusted local user.  This prevents a malicious user from creating
!    their own socket file in that directory.  If you are concerned that
!    some applications might still look in <filename>/tmp</> for the
!    socket file and hence be vulnerable to spoofing, create a symbolic link
!    during operating system startup in <filename>/tmp</> that points to
!    the relocated socket file.  You also might need to modify your
!    <filename>/tmp</> cleanup script to preserve the symbolic link.
!   </para>
! 
!   <para>
!    For TCP connections the server
     must accept only <literal>hostssl</> connections (<xref
     linkend="auth-pg-hba-conf">) and have SSL
     <filename>server.key</filename> (key) and
