> On Jun 13, 2024, at 6:47 AM, Daniel Gustafsson wrote:
>
> While not strictly that, there was a patch not too long ago for teaching
> postgres the PROXY protocol.
As I understand it, PROXY protocol support would be nice if one connects
through haproxy on standalone hosts, so that postgres coul
> On 12 Jun 2024, at 22:46, Casey & Gina wrote:
> ..haproxy doesn't understand the postgres protocol.
While not strictly that, there was a patch not too long ago for teaching
postgres the PROXY protocol.
https://www.postgresql.org/message-id/flat/165903873765.1168.11139166899805820567.pgcf%40co
> On Jun 12, 2024, at 2:17 PM, Tom Lane wrote:
>
> (1) It'd add overhead without adding any security. Data going through
> a UNIX socket will only pass through the local kernel, and if that's
> compromised then it's game over anyway.
That's true. My preference would be to have an unencrypted c
> On 12 Jun 2024, at 21:17, Tom Lane wrote:
>
> Casey & Gina writes:
>> So why can't I use SSL when connecting from a client to a UNIX socket?
>
> (1) It'd add overhead without adding any security. Data going through
> a UNIX socket will only pass through the local kernel, and if that's
> comp
Casey & Gina writes:
> So why can't I use SSL when connecting from a client to a UNIX socket?
(1) It'd add overhead without adding any security. Data going through
a UNIX socket will only pass through the local kernel, and if that's
compromised then it's game over anyway.
(2) I'm less sure abou
