John R Pierce <pierce@xxxxxxxxxxxx> writes: > On 8/18/2014 4:55 PM, Ken Tanzer wrote: >> So I've got two questions. One is whether there are any downsides to >> using sockets, or any "gotchas" to be aware of. The second is whether >> there is anything to do to increase the security of sockets? (e.g., >> analagous to encrypting localhost conenctions with SSL?) From the >> little I saw, it sounds like sockets are "just inherently secure," but >> wanted to confirm that or get another opinion! > localhost is plenty secure, only root can sniff it, and root can su to > postgres and be in full ownership of your server anyways, so if you > consider root a security risk, well, there's no cure for that. Well, there are two things here. You're right that sniffing traffic on an existing connection is probably about equivalently hard either way; but making an unauthorized connection is a totally different issue. On most OSes, any local process can attempt a connection to the postmaster's localhost TCP port, so it's down to whether you have enough faith in passwords to keep an attacker out of your database. If you use socket connections then you can make use of filesystem permissions as an extra security layer, to limit the set of processes that even potentially have access to the database. Plus there's the possibility of using peer authentication, as Ken says. > unix domain sockets are quite secure too. they might be slightly > faster than tcp/ip via localhost, but its probably not enough to matter. Yeah, I'd not expect much speed difference. Most modern kernels have short-circuit paths for local TCP connections, so that there's no extra protocol overhead there. regards, tom lane -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
