On Saturday 28 March 2009 00:42:28 Bruce Momjian wrote:
> I assume directory permissions controlling access to the socket file
> would be enough. You are going to have to set up SSL certificates
> anyway for this so isn't that just as hard as telling the client where
> the socket file is located?
The permissions on the socket file or the containing directory doesn't tell
much by itself, because you also need to consider who owns it. What that
basically comes down to is that the client would need to specify something
like, "I only want a connection to a server owned by 'postgres'." But the
client currently has no way of saying that, so we'd need to invent something
new.
