spoofing when the socket file has been moved.
-
+
Operating System Environment
connections is to use a Unix domain socket directory (
linkend="guc-unix-socket-directory">) that has write permission only
for a trusted local user. This prevents a malicious user from creating
- their own socket file in that directory. For TCP connections the server
+ their own socket file in that directory. If you are concerned that
+ some applications might still look in /tmp> for the
+ socket file and hence be vulnerable to spoofing, create a symbolic link
+ during operating system startup in /tmp> that points to
+ the relocated socket file. You also might need to modify your
+ /tmp> cleanup script to preserve the symbolic link.
+
+
+ For TCP connections the server
must accept only
hostssl> connections (
linkend="auth-pg-hba-conf">) and have SSL
server.key (key) and
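Review bot: The added sentence about creating a symbolic link in /tmp "during operating system startup" does not say who creates the link, or that it must exist before any untrusted local user can create a file of the same name there. Since the paragraph moves the socket out of /tmp precisely because other users can write to that directory, suggest stating that the link is created by a trusted user early in startup and that it must carry the exact socket file name that applications look for. The final added sentence about the /tmp cleanup script would also be clearer if it gave the reason: once the link is removed, that name in /tmp is again available for another user to claim, which is the spoofing case the paragraph is meant to prevent.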