18.7. Preventing Server Spoofing

One way to prevent spoofing of local connections is to use a Unix domain socket directory (unix_socket_directories) that has write permission only for a trusted local user. This prevents a malicious user from creating their own socket file in that directory. If you are concerned that some applications might still reference /tmp for the socket file and hence be vulnerable to spoofing, during operating system startup create a symbolic link /tmp/.s.PGSQL.5432 that points to the relocated socket file. You also might need to modify your cleanup script to prevent removal of the symbolic link.

To prevent spoofing on TCP connections, either use SSL certificates and make sure that clients check the server’s certificate, or use GSSAPI encryption (or both, if they’re on separate connections).

To prevent spoofing with GSSAPI, the server must be configured to accept only hostgssenc connections () and use gss authentication with them. The TCP client must connect using .