Thanks all for the input.  Sounds like there aren't downsides to sockets,
and they are at least as secure.  I do have one follow-up question though:

* "peer" auth (OS user == DB user name) is typically the way to go in

I used to have my db and linux usernames match, until this issue came
along:  http://www.postgresql.org/support/security/faq/2013-04-04/.  It
specifically mentions potentially increased vulnerability if the names
match.  So when I set up a new server I had them not match.  I know this
particular issue is fixed.  But are there other ways that having the names
match could potentially increase vulnerability (even if not known or
identified yet), or am I pointlessly "fighting the last war" by keeping the
names different?

Cheers,
Ken

-- 
AGENCY Software
A Free Software data system
By and for non-profits
http://agency-software.org/
https://agency-software.org/demo/client
ken.tan...@agency-software.org
(253) 245-3801

Subscribe to the mailing list
<agency-general-requ...@lists.sourceforge.net?body=subscribe> to
learn more about AGENCY or
follow the discussion.
