Home > mailing lists

Re: Spoofing as the postmaster - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: Spoofing as the postmaster
Date	December 23, 2007 07:41:16
Msg-id	200712230941.04594.peter_e@gmx.net Whole thread Raw
In response to	Re: Spoofing as the postmaster (Bruce Momjian <bruce@momjian.us>)
Responses	Re: Spoofing as the postmaster (Bruce Momjian <bruce@momjian.us>)
List	pgsql-hackers

Tree view

Bruce Momjian wrote:
> Bruce Momjian wrote:
> > I think at a minimum we need to add documentation that states if you
> > don't trust the local users on the postmaster server you should:
> >
> >     o  create unix domain socket files in a non-world-writable
> >        directory
> >     o  require SSL server certificates for TCP connections
>
> I have written documentation for this item:
>
>     http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
>
> Comments?

What you actually need on the client side is ~/.postgresql/root.crt, not 
~/.postgresql/postgresql.crt as you wrote.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

pgsql-hackers by date:

From: Gregory Stark
Date: 23 December 2007, 06:58:19
Subject: Re: Spoofing as the postmaster

From: Magnus Hagander
Date: 23 December 2007, 09:29:28
Subject: Re: Spoofing as the postmaster

Re: Spoofing as the postmaster - Mailing list pgsql-hackers

Previous

Next