Home > mailing lists

Re: SSL over Unix-domain sockets - Mailing list pgsql-hackers

From	Alvaro Herrera
Subject	Re: SSL over Unix-domain sockets
Date	January 15, 2008 11:21:46
Msg-id	20080115122121.GC4473@alvh.no-ip.org Whole thread Raw
In response to	Re: SSL over Unix-domain sockets (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: SSL over Unix-domain sockets (Aidan Van Dyk <aidan@highrise.ca>)
List	pgsql-hackers

Tree view

Tom Lane wrote:

> It strikes me that given the postmaster's infrastructure for listening
> on multiple sockets, it would be a pretty small matter of programming
> to teach it to listen on socket files in multiple directories not only
> one.

The problem with this idea is that if the postmaster goes away, both
sockets go away, which means the attacker can place his socket in /tmp
as he sees fit.

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

pgsql-hackers by date:

From: Alvaro Herrera
Date: 15 January 2008, 11:06:08
Subject: Re: SSL over Unix-domain sockets

From: Hannu Krosing
Date: 15 January 2008, 12:18:12
Subject: Re: Declarative partitioning grammar

Re: SSL over Unix-domain sockets - Mailing list pgsql-hackers

Previous

Next