Peter Eisentraut <pete...@gmx.net> writes: > I would consider sidestepping this entire issue by having the > stand-alone backend create a Unix-domain socket and have a client > connect to that in the normal way.
Hmm. But that requires the "stand-alone backend" to take on at least some properties of a postmaster; at the very least, it would need to accept some form of shutdown signal (not just EOF on its stdin). Perhaps more to the point, I think this approach actually breaks one of the principal good-thing-in-emergencies attributes of standalone mode, namely being sure that nobody but you can connect. With this, you're right back to having a race condition as to whether your psql command gets to the socket before somebody else. I think we'd be better off trying to fix the security issue by constraining what can be executed as a "standalone backend". Would it work to insist that psql/pg_dump launch the program named postgres from the same bin directory they're in, rather than accepting a path from the connection string? regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers