On Fri, Apr 22, 2005 at 03:02:25PM -0700, -k. wrote: > > > from my php script, do i need to make a special > > > connection to the database > > > or is the same e.g pg_connect(host= localhost > > >dbname=test user=p > > > password=p)? > > > > You could add "sslmode=require" to attempt only an > > SSL connection. > > I have couple related questions: > > Is this necessary if the database is running on the > same machine (as implied by "host= localhost")? If so > why? Probably not; I was simply discussing the mechanism in general. If the only users who could sniff the connection are privileged users who already have access to the filesystem and memory, then encrypting a connection to localhost wouldn't do much except slow down the connection. It would, however, mean you wouldn't have to remember to change that later if the web server and database were split onto separate machines. > Is it possible to make an SSL connection between > Apache and Postgres using Unix-domain sockets? I don't think libpq will attempt SSL over a Unix-domain socket. I see a comment in fe-connect.c that says "Don't bother requesting SSL over a Unix socket", although I haven't examined the code to see if that's the only place such a decision would be made. BTW, connecting with "host=localhost" makes a TCP connection; omitting that and making a Unix-domain connection would probably make the connection more efficient (assuming the system supports Unix-domain sockets, that is). -- Michael Fuhr http://www.fuhr.org/~mfuhr/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php