Postgres Pro
Downloads
Home   >   mailing lists

Re: Localhost vs. Unix Domain Sockets? - Mailing list pgsql-general

From Ken Tanzer
Subject Re: Localhost vs. Unix Domain Sockets?
Date
Msg-id CAD3a31WsC9+Cdr2YMVFk1Gwebh40e2O_4WqiGVBNLkf0tEQVjg@mail.gmail.com
Whole thread Raw
In response to Re: Localhost vs. Unix Domain Sockets?  (John R Pierce <pierce@hogranch.com>)
Responses Re: Localhost vs. Unix Domain Sockets?  (John R Pierce <pierce@hogranch.com>)
List pgsql-general
Tree view
Thanks.  I'm not really worried about this particular vulnerability, just wondering about the more general idea that having db user name = os user could reduce your security, even if only slightly.  Is it just as conceivable that a vulnerability could come along that was more exploitable only if the two names were _different_?

To put it another way, keeping the two sets of names distinct is incrementally more complex to manage.  Which might be worth it if there really is any gain.  Is this a "best practice," or is it really a manifestation of its closely-related cousin, the "silly practice?" :)

Cheers,
Ken


--
AGENCY Software  
A Free Software data system
By and for non-profits
(253) 245-3801

learn more about AGENCY or
follow the discussion.

pgsql-general by date:

Previous
From: Jov
Date:
Subject: Re: New wrapper library: QUINCE
Next
From: John R Pierce
Date:
Subject: Re: Localhost vs. Unix Domain Sockets?