Re: Re: [HACKERS] pgsql/php3/apache authentication

At 02:58 PM 27-04-2000 -0400, Jim Mercer wrote:
>On Thu, Apr 27, 2000 at 11:17:39AM +0200, Jan Wieck wrote:
>> [Charset iso-8859-1 unsupported, filtering to ASCII...]
>> > On Wed, 26 Apr 2000, Jim Mercer wrote:
>> >
>> > > - queries via localhost (unix domain sockets) should assume that the
pg_user
>> > > is the same as the unix user running the process.
>> >
>> > There's no way for the server to determine the system user name of the
>> > other end of a domain socket; at least no one has implemented one yet. So
>> > essentially this isn't going to work.
>
>given that, i'm looking at changing things so that i use:
>
>local        all                                           password
>host         all         127.0.0.1       255.255.255.255   ident sameuser
>
>this will force all connections through the unix domain socket to need a
>password.
>
>it will allow unfettered access if the launching process is owned by
>a valid pg_user.

I always thought ident services should be grouped with fortune cookie
services and so on :). But, since it's localhost it could work.

>is there a performance penalty associated with forcing the bulk of my
>processing through the loopback, as opposed to the unix domain socket?

I believe there's a bit more latency but it could be about a millisecond or
less.

You could always do some benchmarks. e.g. time 1000 queries which return
lots of data.

Cheerio,

Link.