Re: SSL over Unix-domain sockets - Mailing list pgsql-hackers

From Kevin Grittner
Subject Re: SSL over Unix-domain sockets
Date
Msg-id 478C91CC.EE98.0025.0@wicourts.gov
In response to Re: SSL over Unix-domain sockets  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
>>> On Mon, Jan 14, 2008 at  9:33 PM, in message <11967.1200368008@sss.pgh.pa.us>,
Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Yeah, all of this is about confusion and error-proneness.  I still think
> that the real problem is that we don't have full control over
> client-side code, and therefore can't just write off the problem of a
> client deciding to connect to /tmp/.s.PGSQL.5432 even if the local DBA
> thinks the socket would be safer elsewhere.

The local DBA may have sufficient control over client-side code.
There probably are use cases where using a secure directory isn't a
complete solution; but for us, the spoofing in /tmp is a real risk
and using a secure directory solves the problem just fine.
Are we sure there really are users who need the other options?

-Kevin
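
Added illustration of the secure-directory approach discussed in this message (not code from the post or from PostgreSQL): a client-side check, in C, that the directory holding `.s.PGSQL.5432` is owned by the server account or root and is not group- or world-writable before the client connects. The function name `check_pg_socket`, its result codes and the `server_uid` parameter are assumptions made for this example.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum sock_check { SOCK_OK, SOCK_BAD_DIR, SOCK_DIR_UNTRUSTED_OWNER,
                  SOCK_DIR_WRITABLE, SOCK_MISSING, SOCK_NOT_SOCKET,
                  SOCK_WRONG_OWNER };

/* Hypothetical helper: server_uid is the account the local DBA runs the
 * postmaster under; the caller is assumed to know it. Parent directories
 * are not examined here and need the same properties. */
enum sock_check check_pg_socket(const char *dir, int port, uid_t server_uid)
{
    struct stat st;
    char path[1024];
    int n;

    /* lstat: a symlink standing in for the directory is rejected. */
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return SOCK_BAD_DIR;
    if (st.st_uid != server_uid && st.st_uid != 0)
        return SOCK_DIR_UNTRUSTED_OWNER;
    /* /tmp fails here: the sticky bit stops deletion of other users' files,
     * not creation of a socket file while the real server is down. */
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return SOCK_DIR_WRITABLE;

    n = snprintf(path, sizeof path, "%s/.s.PGSQL.%d", dir, port);
    if (n < 0 || (size_t) n >= sizeof path || lstat(path, &st) != 0)
        return SOCK_MISSING;
    if (!S_ISSOCK(st.st_mode))
        return SOCK_NOT_SOCKET;
    return st.st_uid == server_uid ? SOCK_OK : SOCK_WRONG_OWNER;
}

int main(int argc, char **argv)
{
    /* Usage: ./a.out <socket_dir> <server_uid>; port 5432 as in the thread. */
    if (argc != 3) {
        fprintf(stderr, "usage: %s <socket_dir> <server_uid>\n", argv[0]);
        return 2;
    }
    enum sock_check rc = check_pg_socket(argv[1], 5432, (uid_t) atol(argv[2]));
    printf("%s: result %d (0 = safe to connect)\n", argv[1], (int) rc);
    return rc == SOCK_OK ? 0 : 1;
}
```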



