| From: | Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com> |
|---|---|
| To: | matt(at)eatsleeprepeat(dot)net |
| Cc: | PG-General Mailing List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Localhost vs. Unix Domain Sockets? |
| Date: | 2014-08-19 00:45:10 |
| Message-ID: | CAD3a31Uq-qgCcVEnfUBkX51Ytx9gS_1_+YibPALaL1EKrTXdRQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Thanks all for the input. Sounds like there aren't downsides to sockets,
and they are at least as secure. I do have on follow-up question though:
* "peer" auth (OS user == DB user name) is typically the way to go in
I used to have my db and linux usernames match, until this issue came
along: http://www.postgresql.org/support/security/faq/2013-04-04/. It
specifically mentions potentially increased vulnerability if the names
match. So when I set up a new server I had them not match. I know this
particular issue is fixed. But are there other ways that having the names
match could potentially increase vulnerability (even if not known or
identified yet), or am I pointlessly "fighting the last war" by keeping the
names different?
Cheers,
Ken
--
AGENCY Software
A Free Software data system
By and for non-profits
*http://agency-software.org/ <http://agency-software.org/>*
*https://agency-software.org/demo/client
<https://agency-software.org/demo/client>*
ken(dot)tanzer(at)agency-software(dot)org
(253) 245-3801
Subscribe to the mailing list
<agency-general-request(at)lists(dot)sourceforge(dot)net?body=subscribe> to
learn more about AGENCY or
follow the discussion.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John R Pierce | 2014-08-19 00:54:44 | Re: Localhost vs. Unix Domain Sockets? |
| Previous Message | Matt S | 2014-08-19 00:12:34 | Re: Localhost vs. Unix Domain Sockets? |