File tree 1 file changed +8
-1
lines changed
1 file changed +8
-1
lines changed Original file line number Diff line number Diff line change @@ -1922,7 +1922,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
1922
1922
</para>
1923
1923
1924
1924
<para>
1925
- The simplest way to prevent spoofing for <literal>local</>
1925
+ On way to prevent spoofing of <literal>local</>
1926
1926
connections is to use a Unix domain socket directory (<xref
1927
1927
linkend="guc-unix-socket-directories">) that has write permission only
1928
1928
for a trusted local user. This prevents a malicious user from creating
@@ -1934,6 +1934,13 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
1934
1934
<filename>/tmp</> cleanup script to prevent removal of the symbolic link.
1935
1935
</para>
1936
1936
1937
+ <para>
1938
+ Another option for <literal>local</> connections is for clients to use
1939
+ <link linkend="libpq-connect-requirepeer"><literal>requirepeer</></>
1940
+ to specify the required owner of the server process connected to
1941
+ the socket.
1942
+ </para>
1943
+
1937
1944
<para>
1938
1945
To prevent spoofing on TCP connections, the best solution is to use
1939
1946
SSL certificates and make sure that clients check the server's certificate.
You can’t perform that action at this time.
0 commit comments