Gregory Stark wrote:
> "Mark Mielke" <[EMAIL PROTECTED]> writes:
>> UNIX socket kernel credential passing was mentioned in an earlier post, but I
>> didn't see it raised again.
>
> I mentioned getsockopt(SO_PEERCRED) which isn't the same as credential
> passing. It just tells you what uid is on the other end of your unix domain
> socket.
>
> I think it's much more widespread and portable than credential passing which
> was a BSD feature which allowed you to send along your kernel credentials to
> another process. So you could, for example, open a file in psql then pass the
> file descriptor to the backend to have the backend read directly from the
> file.

I agree - I forgot there were different flavours. I think any of these
are just as good as SSL with public key authentication, and perhaps a
lot cheaper in terms of performance. The only piece of information
missing is the uid to compare against, which may as well be provided in
the db open parameters the same as any other parameters might be provided.
Cheers,
mark
--
Mark Mielke <[EMAIL PROTECTED]>