Peter Eisentraut wrote:
> I found an old patch on my disk to enable SSL over Unix-domain sockets.
>
> Remember, about a year ago it was discussed that there might also be
> man-in-the-middle or fake-server attacks using Unix-domain sockets,
> because usually anyone can start a server in /tmp. After an extensive
> discussion (mainly about moving the socket out of /tmp by default;
> please don't start that again), it was determined that using SSL server
> verification would be the proper solution and in fact works without
> problems. Except that the start-up overhead was increased significantly
> (because of the initial key exchange and session key setup etc.).
>
> Back then we didn't really have a good solution, but I figured since 8.4
> rearranges the SSL connection parameters anyway, we could stick that in
> there.
>
> I imagine for example, we could invent an additional sslmode of the sort
> prefer-but-not-if-local-socket, which could be the default.
>
> The other question is whether sslverify=cn makes sense, but that may be
> up to the user to find out.

I thought the logical solution to this was to place the socket in a
secure directory and not bother with SSL at all.

--
  Bruce Momjian  <br...@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
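
A sketch of what checking for a "secure directory" could look like on the client side, added here as an illustration and not taken from this thread or from PostgreSQL. The function name, the strict treatment of group-writable directories, and the default trusted uid set (root only; a real deployment would add the server account's uid) are assumptions.

```python
import os
import stat
import sys


def socket_dir_problems(sock_dir, trusted_uids=(0,)):
    """Return (path, reason) pairs explaining why another local user could
    plant a listening socket in sock_dir. An empty list means the check passed.

    Assumption: only the uids in trusted_uids may own the directory or any
    ancestor; group write access is treated like world write access.
    """
    problems = []
    path = os.path.realpath(sock_dir)  # resolve symlinks before walking up
    is_socket_dir = True
    while True:
        st = os.stat(path)
        loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        sticky = st.st_mode & stat.S_ISVTX
        if st.st_uid not in trusted_uids:
            problems.append((path, "owned by untrusted uid %d" % st.st_uid))
        elif loose and is_socket_dir:
            # The sticky bit only protects entries that already exist. While
            # the real server is down, anyone may create the socket here,
            # which is the /tmp situation described in the quoted message.
            problems.append((path, "socket directory is group/world-writable"))
        elif loose and not sticky:
            # Without the sticky bit, a writable ancestor lets other users
            # rename or replace the next path component.
            problems.append((path, "writable ancestor without sticky bit"))
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root
            break
        path, is_socket_dir = parent, False
    return problems


if __name__ == "__main__":
    # Directory to inspect; /tmp is the default location named in the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "/tmp"
    for checked_path, reason in socket_dir_problems(target):
        print("%s: %s" % (checked_path, reason))
```

A sticky, world-writable ancestor such as /tmp passes when the directory beneath it is owned by a trusted uid, but the same mode on the socket directory itself is reported.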