On 05/12/2010 17:10, Roger Marquis wrote:
Quoting Grant <emailgr...@gmail.com>:
I just noticed that postgrey is listening on localhost:10030. Would
it be better to have it listen to a socket?

We've always run postgrey from a socket. It works fine and allows
file-based ACLs to restrict access from other users and processes.

I don't personally know why application designers tend to use localhost
IP ports instead of sockets,

Since you're stating this too broadly, I'd say:

1- you can move the application to another system (by replacing localhost).
=> a unix socket won't work...

2- on systems that support "jails/containers/zones" (FreeBSD among others), you can run the application inside its own jail => a unix socket would only work if you share part of the filesystem in the jail, which is not always desired/feasible...

3- you can run the application in a chroot cage.
=> a unix socket needs to be created before the chroot call. and if you have multiple clients, then you'll need to create N sockets. if for some reason, the socket needs to be recreated, then you generally need to restart the program.



it's probably easier to code,

Not really.

but it is also more difficult for end-users / systems admins to secure.



ideally, programs should support both types. This way, you can choose either depending on your setup and preferences. and it allows you to use separate hosts/jails/VMs...

and postgrey does support both unix and inet sockets.
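
The file-based access control on a Unix socket that the thread mentions, as an added example that is not part of the original messages and is not postgrey's code: it creates a listener whose socket file is owner/group-only from the moment it exists, then audits who could connect. The socket name `policy.sock` and the function names are assumptions for illustration; the connect-requires-write-permission rule is the Linux behaviour.

```python
import os
import socket
import stat
import tempfile

def bind_restricted(path, mode=0o660):
    """Bind a Unix stream listener whose socket file is created with `mode`."""
    if os.path.lexists(path):
        # Only remove a stale socket, never a regular file or a symlink.
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            raise RuntimeError(f"{path} exists and is not a socket")
        os.unlink(path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # Set the umask before bind() so the file never exists with looser bits;
    # chmod() after bind() would leave a window with default permissions.
    old = os.umask(0o777 & ~mode)
    try:
        srv.bind(path)
    finally:
        os.umask(old)
    srv.listen(5)
    return srv

def audit(path):
    """Return findings about who can reach the socket at `path`."""
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a socket"]
    findings = []
    if st.st_mode & stat.S_IWOTH:  # on Linux, connect() needs write permission
        findings.append(f"{path}: world-writable, any local user can connect")
    parent = os.stat(os.path.dirname(path) or ".")
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory: world-writable, socket can be replaced")
    return findings

def demo():
    """Constructed scenario: private temp directory, hypothetical socket name."""
    with tempfile.TemporaryDirectory() as d:  # created with mode 0700
        path = os.path.join(d, "policy.sock")
        srv = bind_restricted(path)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        clean = audit(path)
        os.chmod(path, 0o666)  # simulate a misconfigured socket
        loose = audit(path)
        srv.close()
        return mode, clean, loose

if __name__ == "__main__":
    print(demo())
```

A listener on a localhost TCP port has no equivalent file mode to check, so any local process can connect unless a packet filter or the application itself restricts it.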
