Re: Re: [HACKERS] pgsql/php3/apache authentication

> >given that, i'm looking at changing things so that i use:
> >
> >local        all                                           password
> >host         all         127.0.0.1       255.255.255.255   ident sameuser
> >
> >this will force all connections through the unix domain socket to need a
> >password.
> >
> >it will allow unfettered access if the launching process is owned by
> >a valid pg_user.
>
> I always thought ident services should be grouped with fortune cookie
> services and so on :). But, since it's localhost it could work.

    Never  trust  an  identd running on a system you don't have a
    static ARP entry for -  right?  Still  not  secure  (on  some
    systems  it's  possible  to  fake  the mac address), but good
    enough for most purposes.

> >is there a performance penalty associated with forcing the bulk of my
> >processing through the loopback, as opposed to the unix domain socket?
>
> I believe there's a bit more latency but it could be about a millisecond or
> less.
>
> You could always do some benchmarks. e.g. time 1000 queries which return
> lots of data.

    One of the reasons  for  using  relational  databases  is  to
    reduce   the   amount  of  IO  needed  to  get  a  particular
    information.  So IPC  throughput  shouldn't  be  the  a  real
    problem  -  except  there  is  some major problem with the DB
    layout or the application coding.  In that case I'd suggest

    if it doesn't fit, don't force it - use a bigger hammer!


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#========================================= wieck@debis.com (Jan Wieck) #