Bruce Momjian <bruce(at)momjian(dot)us> writes:
> Peter Eisentraut wrote:
>> On non-Windows servers you could get this even safer by disabling the
>> TCP/IP socket altogether, and placing the Unix-domain socket in a
>> private temporary directory. The "port" wouldn't actually matter then.
> Yes, it would be nice to just create the socket in the current
> directory. The fact it doesn't work on Windows would cause our docs to
> have to differ for Windows, which seems unfortunate.
It still wouldn't be bulletproof against someone running as the postgres
user, so probably not worth the trouble.
regards, tom lane