Search Postgresql Archives

Re: Question about UNIX socket connections and SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Jun 12, 2024, at 2:17 PM, Tom Lane <tgl@xxxxxxxxxxxxx> wrote:
> 
> (1) It'd add overhead without adding any security.  Data going through
> a UNIX socket will only pass through the local kernel, and if that's
> compromised then it's game over anyway.

That's true.  My preference would be to have an unencrypted connection via UNIX socket from the application to haproxy, then an encrypted connection using SSL certificate authentication from haproxy to the database.  I spent some time attempting this.  But that doesn't seem to be possible since haproxy doesn't understand the postgres protocol.

-- 
Regards,
- Casey





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux