Re: Question about UNIX socket connections and SSL

2024-06-14 Thread Casey & Gina
> On Jun 13, 2024, at 6:47 AM, Daniel Gustafsson wrote:
>
> While not strictly that, there was a patch not too long ago for teaching
> postgres the PROXY protocol.

As I understand it, PROXY protocol support would be nice if one connects through haproxy on standalone hosts, so that postgres coul

Re: Question about UNIX socket connections and SSL

2024-06-13 Thread Casey & Gina
> On Jun 12, 2024, at 2:17 PM, Tom Lane wrote:
>
> (1) It'd add overhead without adding any security. Data going through
> a UNIX socket will only pass through the local kernel, and if that's
> compromised then it's game over anyway.

That's true. My preference would be to have an unencrypted c

Question about UNIX socket connections and SSL

2024-06-12 Thread Casey & Gina
It seems that libpq (maybe?) disables SSL when connecting through a UNIX socket to the database. My setup involves a HA database cluster managed by Patroni. To route RW or RO connections to the correct node(s), we use haproxy, running locally on each application node. In the interest of being