Peter Eisentraut wrote: > Am Freitag, 4. Januar 2008 schrieb Bruce Momjian: > > Peter Eisentraut wrote: > > > Using the attached patch, SSL will act over Unix-domain sockets. AFAICT, > > > this just works. I didn't find a way to sniff a Unix-domain socket, > > > however. > > > > > > How should we proceed with this? > > > > I am confused by the shortness of this patch. Right now pg_hba.conf > > has: > > > > # host DATABASE USER CIDR-ADDRESS METHOD [OPTION] > > # hostssl DATABASE USER CIDR-ADDRESS METHOD [OPTION] > > # hostnossl DATABASE USER CIDR-ADDRESS METHOD [OPTION] > > > > These are all for TCP connections. How do we handle 'local' SSL > > connection specification? Do we want to provide similar functionality > > for local connections? > > Yes, we might want to add that as well. That and some documentation updates > would probably cover everything.
OK. Right now the documentation about spoofing says to use directory permissions for the socket, and that works. I am thinking this is something for 8.4. -- Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us EnterpriseDB http://postgres.enterprisedb.com + If your life is a hard drive, Christ can be your backup. + ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
