FW: Configuring Postgres to use unix sockets
Show quoted text
Hi Everyone
I am not too sure how to do this but I'll ask
I want two postgres servers to communicate over a serial port. I want to avoid using the TCP/IP network protocol for added security. I heard this can be accomplished through unix sockets? Could anyone give me some configuration advice. I am a little in the dark with this type of config.
John Zubac
Operations / DBA
Internetsecure Inc.
+1.905.469.6522 X252
jzubac@internetsecure.com
Gpg Fingerprint: A178 EC10 07D4 B242 8500 F817 D396 F05F D978 3D92
"John Zubac" <jzubac@internetsecure.com> writes:
Hi Everyone
I am not too sure how to do this but I'll ask
I want two postgres servers to communicate over a serial port. I want to
avoid using the TCP/IP network protocol for added security. I heard this
can be accomplished through unix sockets? Could anyone give me some
configuration advice. I am a little in the dark with this type of config.
Unix sockets can't work across a serial link.
You would need to run PPP over the serial link between the two
machines, then make TCP connections using that network. It'd be
*much* faster and less hassle to simply put a second NIC in each
machine, connect them with a crossover cable, and run your PG
connections over that network. You could also enforce use of the
private network (in both cases) by use of firewall rules.
-Doug
Hi John,
Unix sockets are a presentation layer interface to TCP/IP. You're not
avoiding it by using them.
Rick
"John Zubac"
<jzubac@internets
ecure.com> To
Sent by: <pgsql-general@postgresql.org>
pgsql-general-own cc
er@postgresql.org
Subject
[GENERAL] FW: Configuring Postgres
09/09/2005 08:13 to use unix sockets
AM
Hi Everyone
I am not too sure how to do this but I'll ask
I want two postgres servers to communicate over a serial port. I want to
avoid using the TCP/IP network protocol for added security. I heard this
can be accomplished through unix sockets? Could anyone give me some
configuration advice. I am a little in the dark with this type of config.
John Zubac
Operations / DBA
Internetsecure Inc.
+1.905.469.6522 X252
jzubac@internetsecure.com
Gpg Fingerprint: A178 EC10 07D4 B242 8500 F817 D396 F05F D978 3D92
Richard_D_Levine@raytheon.com writes:
Hi John,
Unix sockets are a presentation layer interface to TCP/IP. You're not
avoiding it by using them.
That's not true. Unix sockets are fundamentally different and do not
use TCP/IP at all. They have their own namespace (in the Unix
filesystem) and go through their own delivery path in the kernel, not
through the TCP/IP stack, so they're often faster.
But, they only work on a single machine. :)
-Doug
Douglas McNaught <doug@mcnaught.org> writes:
You could also enforce use of the
private network (in both cases) by use of firewall rules.
I think the real point here is that any additional security you gain
comes from having the physically separate wire. It's foolish to suppose
that using a nonstandard protocol over that wire is going to buy
anything. So there's no point in going through a lot of pushups to
substitute something else for TCP/IP.
regards, tom lane