On ons, 2011-06-15 at 17:50 -0400, Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > Peter Eisentraut wrote:
> >> On non-Windows servers you could get this even safer by disabling the
> >> TCP/IP socket altogether, and placing the Unix-domain socket in a
> >> private temporary directory. The "port" wouldn't actually matter then.
>
> > Yes, it would be nice to just create the socket in the current
> > directory. The fact it doesn't work on Windows would cause our docs to
> > have to differ for Windows, which seems unfortunate.
>
> It still wouldn't be bulletproof against someone running as the postgres
> user, so probably not worth the trouble.
But the postgres user would normally be the DBA itself, so it'd be his
own fault. I don't see how you can easily make any process safe from
interference by the same user account.