On 1/17/2012 5:57 AM, Ben Laurie wrote: > > > On 17 January 2012 04:31, Danny Mayer <ma...@gis.net > <mailto:ma...@gis.net>> wrote: > > This breaks O/S's that don't support Unix sockets, specifically Windows. > Please explain why Unix domain sockets are more effective and secure > rather than using localhost with standard sockets. > > > It is a common misconception that using localhost provides locality - > this is only true in the strong host model. So, "more secure" is easy to > explain: only local processes can connect to unix domain sockets, even > in the weak host model. This point is independent of Capsicum, of course. >
It's a common misconception that using 127.0.0.1 and ::1 is somehow insecure. Any system allowing packets with those addresses out on the network would cause havoc and you'd have far bigger problems than this application. Danny _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
