Bruce Momjian <br...@momjian.us> writes:
> My point is that we are still going to need traditional connections for
> live checks.
Yes, but that's not terribly relevant, IMO. All it means is that we
don't want to invent some solution that doesn't go through libpq.
> If we could find a solution for Windows, the socket in
> current directory might be enough to lock things down, especially if we
> put the socket in a new subdirectory that only we can read/write to.
Who is "we"? Somebody else logged in under the postgres userid could
still connect.
> Should I persue that in my patch?
I think this is just a band-aid, and we shouldn't be putting more
effort into it than needed to ensure that unexpected configuration
settings won't break it. The right fix is a better form of
standalone-backend mode. Maybe I will go pursue that, since nobody
else seems to want to.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
