On Tue, Jan 15, 2008 at 10:10:37AM +0100, Peter Eisentraut wrote:
> On Monday, 14 January 2008, Tom Lane wrote:
> > If we do want to apply Peter's patch, I think it needs to be extended so
> > that the default behavior on sockets is the same as before, ie, no SSL.
> > This could be done by giving libpq an additional connection parameter,
> > say "socketsslmode", having the same alternatives as sslmode but
> > defaulting to "allow" instead of "prefer".
>
> I suggest we don't do anything for 8.3, and return to investigate the full
> range of options for 8.4. Those might include adding SSL support for local
> sockets but disabled by default, using SO_PEERCRED to check the server
> identity, and more fine-grained control over (multiple?) local socket
> placement.

+1

//Magnus