Am Montag, 14. Januar 2008 schrieb Tom Lane: > If we do want to apply Peter's patch, I think it needs to be extended so > that the default behavior on sockets is the same as before, ie, no SSL. > This could be done by giving libpq an additional connection parameter, > say "socketsslmode", having the same alternatives as sslmode but > defaulting to "allow" instead of "prefer".
I suggest we don't do anything for 8.3, and return to investigate the full range of options for 8.4. Those might include adding SSL support for local sockets but disabled by default, using SO_PEERCRED to check the server identity, and more fine-grained control over (multiple?) local socket placement. -- Peter Eisentraut http://developer.postgresql.org/~petere/ ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
