Bruce Momjian wrote: > Bruce Momjian wrote: > > I think at a minimum we need to add documentation that states if you > > don't trust the local users on the postmaster server you should: > > > > o create unix domain socket files in a non-world-writable > > directory > > o require SSL server certificates for TCP connections > > I have written documentation for this item: > > http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING > > Comments?
What you actually need on the client side is ~/.postgresql/root.crt, not ~/.postgresql/postgresql.crt as you wrote. -- Peter Eisentraut http://developer.postgresql.org/~petere/ ---------------------------(end of broadcast)--------------------------- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq
