On ons, 2011-06-15 at 17:50 -0400, Tom Lane wrote: > Bruce Momjian <br...@momjian.us> writes: > > Peter Eisentraut wrote: > >> On non-Windows servers you could get this even safer by disabling the > >> TCP/IP socket altogether, and placing the Unix-domain socket in a > >> private temporary directory. The "port" wouldn't actually matter then. > > > Yes, it would be nice to just create the socket in the current > > directory. The fact it doesn't work on Windows would cause our docs to > > have to differ for Windows, which seems unfortunate. > > It still wouldn't be bulletproof against someone running as the postgres > user, so probably not worth the trouble.
But the postgres user would normally be the DBA itself, so it'd be his own fault. I don't see how you can easily make any process safe from interference by the same user account. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
