Hi. I'm working with a couple of machines that have Postgres/Apache on Linux setups. Connections to Postgres are currntly TCP/IP to localhost. (We're also using itk, so that the apache connections are per-user.) We began looking into about encrypting these connections with SSL, but now I'm thinking of using unix domain socket connections instead.
I see two possible benefits to this: 1) Maybe better performance or use of resources. I didn't find a lot of info, although this post from Bruce Momjian indicates that is is the case: http://momjian.us/main/blogs/pgblog/2012.html#June_6_2012. 2) Our webapp and users wouldn't need to be given a Postgres password at all. Authenticating as their user would be sufficient. So I've got two questions. One is whether there are any downsides to using sockets, or any "gotchas" to be aware of. The second is whether there is anything to do to increase the security of sockets? (e.g., analagous to encrypting localhost conenctions with SSL?) From the little I saw, it sounds like sockets are "just inherently secure," but wanted to confirm that or get another opinion! Thanks in advance, Ken -- AGENCY Software A Free Software data system By and for non-profits *http://agency-software.org/ <http://agency-software.org/>* *https://agency-software.org/demo/client <https://agency-software.org/demo/client>* ken.tan...@agency-software.org (253) 245-3801 Subscribe to the mailing list <agency-general-requ...@lists.sourceforge.net?body=subscribe> to learn more about AGENCY or follow the discussion.