Postgres Pro
Downloads
Home   >   mailing lists

Re: Localhost vs. Unix Domain Sockets? - Mailing list pgsql-general

From Ken Tanzer
Subject Re: Localhost vs. Unix Domain Sockets?
Date
Msg-id CAD3a31Uq-qgCcVEnfUBkX51Ytx9gS_1_+YibPALaL1EKrTXdRQ@mail.gmail.com
Whole thread Raw
In response to Re: Localhost vs. Unix Domain Sockets?  (Matt S <matt@eatsleeprepeat.net>)
Responses Re: Localhost vs. Unix Domain Sockets?  (John R Pierce <pierce@hogranch.com>)
List pgsql-general
Tree view
Thanks all for the input.  Sounds like there aren't downsides to sockets, and they are at least as secure.  I do have on follow-up question though:

* "peer" auth (OS user == DB user name) is typically the way to go in 

I used to have my db and linux usernames match, until this issue came along:  http://www.postgresql.org/support/security/faq/2013-04-04/.  It specifically mentions potentially increased vulnerability if the names match.  So when I set up a new server I had them not match.  I know this particular issue is fixed.  But are there other ways that having the names match could potentially increase vulnerability (even if not known or identified yet), or am I pointlessly "fighting the last war" by keeping the names different?

Cheers,
Ken

--
AGENCY Software  
A Free Software data system
By and for non-profits
(253) 245-3801

learn more about AGENCY or
follow the discussion.

pgsql-general by date:

Previous
From: Matt S
Date:
Subject: Re: Localhost vs. Unix Domain Sockets?
Next
From: John R Pierce
Date:
Subject: Re: Localhost vs. Unix Domain Sockets?