Re: Question about UNIX socket connections and SSL - Mailing list pgsql-general

From Casey & Gina
Subject Re: Question about UNIX socket connections and SSL
Date
Msg-id 1E2A5972-443A-4C7B-88AA-3AE5E6415381@osss.net
In response to Re: Question about UNIX socket connections and SSL  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Question about UNIX socket connections and SSL
List pgsql-general
> On Jun 12, 2024, at 2:17 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> (1) It'd add overhead without adding any security.  Data going through
> a UNIX socket will only pass through the local kernel, and if that's
> compromised then it's game over anyway.

That's true.  My preference would be to have an unencrypted connection via UNIX socket from the application to haproxy,
then an encrypted connection using SSL certificate authentication from haproxy to the database.  I spent some time
attempting this.  But that doesn't seem to be possible since haproxy doesn't understand the postgres protocol.

--
Regards,
- Casey

