On 09/08/2017 17:44, Ted Lemon wrote:

> Of course, the real answer to this is that neither solution is
> desirable.   I've heard several people here say that if localhost were
> "fixed" in an RFC, then the W3C could mark http connections to localhost
> as secure, rather than insecure.   This is of course nonsense.   The
> fact is that you should always validate the endpoint you are connecting
> to using some secure protocol.   With a unix domain socket, you can pass
> credentials over the socket.   With a TCP or UDP connection, you can't
> do that, so you need to use cryptography.

Speaking of which, MySQL uses the word "localhost" as a switch to use a
UNIX domain socket instead of IP for its connection.

Just sayin' ;)


DNSOP mailing list

Reply via email to