Re: [HACKERS] pgsql/php3/apache authentication

On Thu, Apr 27, 2000 at 11:17:39AM +0200, Jan Wieck wrote:
> [Charset iso-8859-1 unsupported, filtering to ASCII...]
> > On Wed, 26 Apr 2000, Jim Mercer wrote:
> >
> > > - queries via localhost (unix domain sockets) should assume that the pg_user
> > > is the same as the unix user running the process.
> >
> > There's no way for the server to determine the system user name of the
> > other end of a domain socket; at least no one has implemented one yet. So
> > essentially this isn't going to work.

given that, i'm looking at changing things so that i use:

local all password
host all 127.0.0.1 255.255.255.255 ident sameuser

this will force all connections through the unix domain socket to need a
password.

it will allow unfettered access if the launching process is owned by
a valid pg_user.

is there a performance penalty associated with forcing the bulk of my
processing through the loopback, as opposed to the unix domain socket?

--
[ Jim Mercer jim(at)reptiles(dot)org +1 416 506-0654 ]
[ Reptilian Research -- Longer Life through Colder Blood ]
[ Don't be fooled by cheap Finnish imitations; BSD is the One True Code. ]