|
1 | | -<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.403 2008/01/24 06:23:32 petere Exp $ --> |
| 1 | +<!-- $PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.404 2008/01/31 17:22:43 momjian Exp $ --> |
2 | 2 |
|
3 | 3 | <chapter Id="runtime"> |
4 | 4 | <title>Operating System Environment</title> |
@@ -1397,7 +1397,16 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput |
1397 | 1397 | connections is to use a Unix domain socket directory (<xref |
1398 | 1398 | linkend="guc-unix-socket-directory">) that has write permission only |
1399 | 1399 | for a trusted local user. This prevents a malicious user from creating |
1400 | | - their own socket file in that directory. For TCP connections the server |
| 1400 | + their own socket file in that directory. If you are concerned that |
| 1401 | + some applications might still look in <filename>/tmp</> for the |
| 1402 | + socket file and hence be vulnerable to spoofing, create a symbolic link |
| 1403 | + during operating system startup in <filename>/tmp</> that points to |
| 1404 | + the relocated socket file. You also might need to modify your |
| 1405 | + <filename>/tmp</> cleanup script to preserve the symbolic link. |
| 1406 | + </para> |
| 1407 | + |
| 1408 | + <para> |
| 1409 | + For TCP connections the server |
1401 | 1410 | must accept only <literal>hostssl</> connections (<xref |
1402 | 1411 | linkend="auth-pg-hba-conf">) and have SSL |
1403 | 1412 | <filename>server.key</filename> (key) and |
|