Peter Eisentraut wrote:
> Bruce Momjian wrote:
> > Bruce Momjian wrote:
> > > I think at a minimum we need to add documentation that states if you
> > > don't trust the local users on the postmaster server you should:
> > >
> > > o create unix domain socket files in a non-world-writable
> > > directory
> > > o require SSL server certificates for TCP connections
> >
> > I have written documentation for this item:
> >
> > http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
> >
> > Comments?
>
> What you actually need on the client side is ~/.postgresql/root.crt, not
> ~/.postgresql/postgresql.crt as you wrote.
Thanks, updated:
http://momjian.us/tmp/pgsql/preventing-server-spoofing.html
(I mentioned the file name specificly so people like me wouldn't get
confused.) :-)
--
Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
