Re: SSL over Unix-domain sockets

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SSL over Unix-domain sockets
Date: 2009-03-27 11:40:08
Message-ID: 49CCBB18.5010103@gmx.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Bruce Momjian wrote:
> Peter Eisentraut wrote:
>> Bruce Momjian wrote:
>>> I thought the logical solution to this was to place the socket in a
>>> secure directory and not bother with SSL at all.
>> How would a client algorithmically determine whether the server socket
>> was in a "secure" directory?
>
> You have to configure your client to know that, but don't you need to
> configure your client for SSL too?

Yes, but how exactly would a client know? How is a "secure directory"
defined, in terms of C library calls, say?

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Eisentraut 2009-03-27 11:46:36 Re: SSL over Unix-domain sockets
Previous Message Andrew Gierth 2009-03-27 10:48:41 Re: 8.4 release notes proof reading 1/2