Mark Mielke wrote:
> Gregory Stark wrote:
> > "Mark Mielke" <[EMAIL PROTECTED]> writes:
> >
> >> UNIX socket kernel credential passing was mentioned in an earlier post,
> >> but I didn't see it raised again.
> >
> > I mentioned getsockopt(SO_PEERCRED) which isn't the same as credential
> > passing. It just tells you what uid is on the other end of your unix domain
> > socket.
> >
> > I think it's much more widespread and portable than credential passing which
> > was a BSD feature which allowed you to send along your kernel credentials to
> > another process. So you could, for example, open a file in psql then pass the
> > file descriptor to the backend to have the backend read directly from the
> > file
>
> I agree - I forgot there were different flavours. I think any of these
> are just as good as SSL with public key authentication, and perhaps a
> lot cheaper in terms of performance. The only piece of information
> missing is the uid to compare against, which may as well be provided in
> the db open parameters the same as any other parameters might be provided.

True, but if you are going to have the client check a uid we might as well
just put the socket file in a secure directory and be done with it.

--
  Bruce Momjian  <[EMAIL PROTECTED]>        http://momjian.us
  EnterpriseDB                             http://postgres.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +
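
Added example, not part of the thread and not PostgreSQL code: a Linux-specific sketch of the client-side check discussed above, where getsockopt(SO_PEERCRED) reports the uid on the other end of a Unix-domain socket and the client compares it with the uid it expects. The names check_peer_uid and demo_pair_check are hypothetical, and a socketpair stands in for a real client/server connection.

```c
#define _GNU_SOURCE             /* exposes struct ucred on glibc */
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns 1 if the peer of the connected Unix-domain
 * socket `fd` has uid `expected_uid`, 0 if it has a different uid, and -1
 * if the call fails or the kernel reports no peer credentials. */
int check_peer_uid(int fd, uid_t expected_uid)
{
    struct ucred cred;
    socklen_t len = sizeof(cred);

    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0)
        return -1;
    if (len != sizeof(cred) || cred.uid == (uid_t)-1)
        return -1;              /* nothing usable came back: treat as failure */
    return cred.uid == expected_uid ? 1 : 0;
}

/* Constructed stand-in for a connection: both ends of a socketpair belong
 * to this process, so the peer uid is our own effective uid. */
int demo_pair_check(uid_t expected_uid)
{
    int sv[2], result;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    result = check_peer_uid(sv[0], expected_uid);
    close(sv[0]);
    close(sv[1]);
    return result;
}

int main(void)
{
    /* A real client would take the expected uid from its connection
     * parameters and refuse to send credentials unless the result is 1. */
    printf("peer is our own uid:  %d\n", demo_pair_check(geteuid()));
    printf("peer is another uid:  %d\n", demo_pair_check(geteuid() + 1));
    printf("invalid descriptor:   %d\n", check_peer_uid(-1, geteuid()));
    return 0;
}
```

The check is fail-closed: anything other than a return value of 1 should be treated as "do not trust this server".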