On Tue, Jan 15, 2008 at 10:10:37AM +0100, Peter Eisentraut wrote:
> Am Montag, 14. Januar 2008 schrieb Tom Lane:
> > If we do want to apply Peter's patch, I think it needs to be extended so
> > that the default behavior on sockets is the same as before, ie, no SSL.
> > This could be done by giving libpq an additional connection parameter,
> > say "socketsslmode", having the same alternatives as sslmode but
> > defaulting to "allow" instead of "prefer".
>
> I suggest we don't do anything for 8.3, and return to investigate the full
> range of options for 8.4. Those might include adding SSL support for local
> sockets but disabled by default, using SO_PEERCRED to check the server
> identity, and more fine-grained control over (multiple?) local socket
> placement.
+1
//Magnus
