Bruce Momjian writes:
> > I think we had some discussions about changing the way that shared
> > memory keys are generated, which might make this a less critical issue.
> > But until something's done about that, this patch looks awfully
> > dangerous.
>
> But do we yank it out for that reason? I don't think so.
Now that I read the author's description of this feature, I'm no longer
sure what it's good for:
You can use this option to put the Unix domain socket in a directory that is private to one or more users
usingUnix directory permissions. This is necessary for securely creating databases automatically on shared
machines. In that situation, also disallow all TCP/IP connections initially in
<filename>pg_hba.conf</filename>.
You can do that in a more stylish and safer manner by using the
unix_socket_permissions and unix_socket_group options.
I won't argue for removing it, but let's not spread the word too widely
before we fix the issues. :-)
--
Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
