Peter Eisentraut wrote: > Bruce Momjian wrote: > > Peter Eisentraut wrote: > >> Bruce Momjian wrote: > >>> I thought the logical solution to this was to place the socket in a > >>> secure directory and not bother with SSL at all. > >> How would a client algorithmically determine whether the server socket > >> was in a "secure" directory? > > > > You have to configure your client to know that, but don't you need to > > configure your client for SSL too? > > Yes, but how exactly would a client know? How is a "secure directory" > defined, in terms of C library calls, say?
I assume directory permissions controlling access to the socket file would be enough. You are going to have to set up SSL certificates anyway for this so isn't that just as hard as telling the client where the socket file is located? -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
