Andrew Sullivan wrote:
> On Sun, Dec 23, 2007 at 09:52:14PM +0100, Magnus Hagander wrote:
>> My point is that all these other server products have the exact same
>> issue. And that they deal with it the exact same we do - pretty much
>> leave it up to the guy who configure the server to realize that's just
>> how things work.
>
> The problem with that approach is that, in the computer security world,
> taking that approach is increasingly regarded as negligent. And pointing
> out that others are similarly negligent is not a response.
Sure. But we *do* provide a way to work around it *if you have to*: use
SSL with trusted certificates. In the large number of cases where you
*don't* need to worry about it, there's no need to add any extra overhead.
And if you're going with SSL already, the extra overhead of TCP vs Unix
sockets shouldn't matter *at all*... So I don't really see a motivation
for us to support SSL over Unix sockets, if it adds any complexity to
the code.
//Magnus
