Thanks all for the input. Sounds like there aren't downsides to sockets, and they are at least as secure. I do have on follow-up question though:
--
![]()
* "peer" auth (OS user == DB user name) is typically the way to go in
I used to have my db and linux usernames match, until this issue came along: http://www.postgresql.org/support/security/faq/2013-04-04/. It specifically mentions potentially increased vulnerability if the names match. So when I set up a new server I had them not match. I know this particular issue is fixed. But are there other ways that having the names match could potentially increase vulnerability (even if not known or identified yet), or am I pointlessly "fighting the last war" by keeping the names different?
Cheers,
Ken
AGENCY Software
A Free Software data system
By and for non-profits
(253) 245-3801
learn more about AGENCY or
follow the discussion.
