Home > mailing lists

Re: SSL over Unix-domain sockets - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: SSL over Unix-domain sockets
Date	January 15, 2008 14:46:41
Msg-id	23996.1200411992@sss.pgh.pa.us Whole thread Raw
In response to	Re: SSL over Unix-domain sockets (Alvaro Herrera <alvherre@commandprompt.com>)
Responses	Re: SSL over Unix-domain sockets Re: SSL over Unix-domain sockets Re: SSL over Unix-domain sockets
List	pgsql-hackers

Tree view

Alvaro Herrera <alvherre@commandprompt.com> writes:
> Perhaps the easiest thing to do is to create a (possibly dangling)
> symlink in /tmp to the real socket in a protected dir.

Cute idea ...

> One thing to be aware of is /tmp cleaners ...

... but that would definitely be a problem.  I think on most systems
you'd have to explicitly tweak the /tmp-cleaning script to know not to
zap such a link.  Given that such a local customization would probably
disappear in your next system update, the security gain might be
fleeting.
        regards, tom lane

pgsql-hackers by date:

From: Tom Lane
Date: 15 January 2008, 14:36:48
Subject: Re: Declarative partitioning grammar

From: Markus Schiltknecht
Date: 15 January 2008, 14:49:44
Subject: Re: Declarative partitioning grammar

Re: SSL over Unix-domain sockets - Mailing list pgsql-hackers

Previous

Next