Home > mailing lists

Re: Question about UNIX socket connections and SSL - Mailing list pgsql-general

From	Tom Lane
Subject	Re: Question about UNIX socket connections and SSL
Date	June 12 22:17:33
Msg-id	1514893.1718219853@sss.pgh.pa.us Whole thread Raw
In response to	Question about UNIX socket connections and SSL (Casey & Gina <cg@osss.net>)
Responses	Re: Question about UNIX socket connections and SSL Re: Question about UNIX socket connections and SSL
List	pgsql-general

Tree view

Casey & Gina <cg@osss.net> writes:
> So why can't I use SSL when connecting from a client to a UNIX socket?

(1) It'd add overhead without adding any security.  Data going through
a UNIX socket will only pass through the local kernel, and if that's
compromised then it's game over anyway.

(2) I'm less sure about this part, but I seem to recall that openssl
doesn't actually work if given a UNIX socket.

Maybe there are reasons why those arguments are obsolete, but you
haven't presented any.

            regards, tom lane

pgsql-general by date:

From: Karsten Hilbert
Date: 12 June, 22:13:39
Subject: Re: DROP COLLATION vs pg_collation question

From: Daniel Gustafsson
Date: 12 June, 22:32:22
Subject: Re: Question about UNIX socket connections and SSL

Re: Question about UNIX socket connections and SSL - Mailing list pgsql-general

Previous

Next