doc: requirepeer is a way to avoid spoofing

We already mentioned unix_socket_directories as an option.

Reported-by: https://www.postgresql.org/message-id/45016837-6cf3-3136-f959-763d06a28076%402ndquadrant.com
Backpatch-through: 9.6

diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 60a06590fec3a8a91d23b28369f3e2e786697549..98752c2875cd8d3256110ef275dce928a194705b 100644 (file)
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1922,7 +1922,7 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
   
 
   
-   The simplest way to prevent spoofing for local
+   On way to prevent spoofing of local
    connections is to use a Unix domain socket directory (
    linkend="guc-unix-socket-directories">) that has write permission only
    for a trusted local user.  This prevents a malicious user from creating
@@ -1934,6 +1934,13 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
    /tmp cleanup script to prevent removal of the symbolic link.
   
 
+  
+   Another option for local connections is for clients to use
+   requirepeer
+   to specify the required owner of the server process connected to
+   the socket.
+  
+
   
    To prevent spoofing on TCP connections, the best solution is to use
    SSL certificates and make sure that clients check the server's certificate.