Home > mailing lists

Re: [HACKERS] SSL over Unix-domain sockets - Mailing list pgsql-patches

From	Tom Lane
Subject	Re: [HACKERS] SSL over Unix-domain sockets
Date	January 18, 2008 01:21:29
Msg-id	19369.1200622879@sss.pgh.pa.us Whole thread Raw
In response to	Re: [HACKERS] SSL over Unix-domain sockets (Bruce Momjian <bruce@momjian.us>)
Responses	Re: [HACKERS] SSL over Unix-domain sockets Re: [HACKERS] SSL over Unix-domain sockets
List	pgsql-patches

Tree view

Bruce Momjian <bruce@momjian.us> writes:
> I am confused because you say "dangling" then you say "to the real
> socket".  You are saying it isn't dangling when the server is running?

Exactly.  When the server is running it provides a perfectly good path
to the postmaster.  The point (and the main difference from your PIDfile
proposal) is that it's supposed to be there all the time, even when the
postmaster isn't running.  This is what provides protection against the
spoofer getting there first.

> If you are going to require the admin to modify the tmp cleanup script,
> the admin might as well create the symlink at the same time and have it
> recreate on boot.

No, that's not the same, because it doesn't provide protection against
the symlink getting deleted later on.

            regards, tom lane

pgsql-patches by date:

From: Bruce Momjian
Date: 18 January 2008, 01:21:27
Subject: Re: [HACKERS] SSL over Unix-domain sockets

From: Bruce Momjian
Date: 18 January 2008, 01:24:34
Subject: Re: [HACKERS] SSL over Unix-domain sockets

Re: [HACKERS] SSL over Unix-domain sockets - Mailing list pgsql-patches

Previous

Next