On Fri, Jan 18, 2008 at 11:24:09AM +0100, Peter Eisentraut wrote: > Am Donnerstag, 17. Januar 2008 schrieb Andrew Dunstan: > > I agree. I remain of the opinion that this is not a problem than can be > > solved purely within the bounds of postgres. > > Well, the SSL patch I showed certainly solves the problem. (I am not saying > it is the best possible solution.) Of course there also need to be prudent > users, but that is the case for any security system.
Not that much more than moving the socket file to a secure directory. Both rely on configuring the client properly. It's arguably a lot easier to configure the client to connect to the correct socket, than to make sure the client has a root certificate installed. //Magnus ---------------------------(end of broadcast)--------------------------- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq