Hi. I'm working with a couple of machines that have Postgres/Apache on Linux setups. Connections to Postgres are currntly TCP/IP to localhost. (We're also using itk, so that the apache connections are per-user.) We began looking into about encrypting these connections with SSL, but now I'm thinking of using unix domain socket connections instead.
I see two possible benefits to this:
1) Maybe better performance or use of resources. I didn't find a lot of info, although this post from Bruce Momjian indicates that is is the case: http://momjian.us/main/blogs/pgblog/2012.html#June_6_2012.
2) Our webapp and users wouldn't need to be given a Postgres password at all. Authenticating as their user would be sufficient.
So I've got two questions. One is whether there are any downsides to using sockets, or any "gotchas" to be aware of. The second is whether there is anything to do to increase the security of sockets? (e.g., analagous to encrypting localhost conenctions with SSL?) From the little I saw, it sounds like sockets are "just inherently secure," but wanted to confirm that or get another opinion!
Thanks in advance,
Ken
AGENCY Software
A Free Software data system
By and for non-profits
(253) 245-3801
learn more about AGENCY or
follow the discussion.
