Magnus Hagander wrote: > > Most kinds of server processes where you'd send sensitive information do > > support SSL. Most of these server processes don't run over Unix-domain > > sockets, though. > > Well, the question is not about sensitive information, is it? It's about > password disclosure due to spoofing.
I included passwords as sensitive information. > Which would affect *all* services > that accept passwords over any kind of local connections - both unix > sockets and TCP localhost. These services either use a protected port or a protected directory, or they support SSL or something similar (SSH), or they are deprecated, as many traditional Unix services are. If you find a service that is not covered by this, then yes, you have a problem. > The best way to avoid it is of course not to give untrusted users access > to launch arbitrary processes on your server. Something about that > should perhaps be added to that new docs section? That is pretty impractical. PostgreSQL is designed to run on multiuser operating systems, so it should do it correctly. Such suggestions do not raise confidence. -- Peter Eisentraut http://developer.postgresql.org/~petere/ ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
