Re: [HACKERS] SSL over Unix-domain sockets - Mailing list pgsql-patches

Peter Eisentraut wrote:
> Bruce Momjian wrote:
> > I have written the following documentation addition suggesting the use
> > of external_pid_file.
>
> How does that prevent spoofing?

It creates a lock file that is the same name as the socket file that a
default-configured client would use, so it prevents a spoofed socket
from being created.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://postgres.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +