On Thu, Sep 03, 2015 at 01:15:47AM +0200, Andres Freund wrote:
> On 2015-09-02 17:03:46 -0400, Robert Haas wrote:
> > On Wed, Sep 2, 2015 at 4:50 PM, Andrew Dunstan <andrew@dunslane.net> wrote:
> > > Tell me what's needed and I'll look at creating a buildfarm test module for
> > > it.
> > It's not run by the global "check" or "installcheck" targets, because the
> > temporary installation it creates accepts TCP connections from any user
> > the same host, which is insecure.
The buildfarm client may as well ignore that security hazard, because today's
buildfarm client starts likewise-exposed postmasters directly.
> We could just implement SSL over unix sockets. Obviously the
> connection-encryption aspect isn't actually useful, but e.g. client
> certs still make sense. Besides, it allows to avoid concerns like the
> above...
Agreed.