Are authentication mechanisms based on UNIX domain sockets (Linux) secure? And more specifically, are the respective MySQL and PostgreSQL implementations on Linux secure?
Question
Are authentication mechanisms based on UNIX domain sockets (Linux) secure? And more specifically, are the respective MySQL and PostgreSQL implementations on Linux secure?
The background for my question is: I want to get rid of having to manage all the database user passwords used by various web applications when accessing MySQL and PostgreSQL databases. In all cases when the DB and the App(s) are on the same host, domain socket authentication seems to be the best way to connect them, assuming that each app runs as a separate user.
This mechanism however seems to be very rarely used. Most web apps provide installation instructions proposing password authentication, and most Linux distributions use passwords by default (the infamous MySQL root password) even if DBs are preconfigured for local access only.
I wonder whether there is a good reason to stick to passwords, which seem to have only disadvantages (if you impersonate the user you get their password from the config files and can then access the database without having to re-gain access to the user account).
Explanation / Answer
The MySQL SO_PEERCRED authentication is fairly recent; it was added in version 5.5.10, March 2011. The similar Postgres authentication is a lot older. (Note that Postgres also supports ident (RFC 1413) authentication; MySQL does not, that would be another plugin, perhaps someone will write it.) The relative newness of the feature in MySQL would be one reason you don't see a lot of web apps using it.
The other reason is that, once the app gets enough use, the first thing you'll do for performance or reliability is to move the database to a different host, whereupon you'll have to set up a password (or some other method of authentication) anyway.
As for security, however, I would say this method is very secure. It depends on the kernel for the security guarantee; that's all.
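As an added illustration (not part of the question or the answer above) of the check that MySQL's auth_socket plugin and PostgreSQL's peer authentication perform: the server asks the kernel for the uid of the process on the other end of the UNIX domain socket via SO_PEERCRED and compares the account that owns it against the user the client claims to be. The socket path, the one-line "claimed user" message and the reply strings are made up for this demo; it is Linux-only and runs as whatever account you start it from.

```python
import os, pwd, socket, struct, tempfile, threading

# Linux `struct ucred { pid_t pid; uid_t uid; gid_t gid; }`: three native ints.
_UCRED_FMT = "3i"

def peer_credentials(conn):
    """(pid, uid, gid) of the peer process, filled in by the kernel (SO_PEERCRED,
    Linux only); nothing the client sends over the socket can alter it."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(_UCRED_FMT))
    return struct.unpack(_UCRED_FMT, raw)

def os_user_name(uid):
    """Account name for a uid, or None when the uid has no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None

def authenticate_peer(conn, claimed_user):
    """The rule auth_socket / peer auth apply: the OS account owning the
    connecting process must equal the database user it asks to log in as."""
    _pid, uid, _gid = peer_credentials(conn)
    return os_user_name(uid) == claimed_user

def current_os_user():
    return os_user_name(os.getuid())

def demo(claimed_user):
    """One round trip over a temporary socket (constructed demo protocol): the
    client names a user, the server answers OK only if the kernel-reported
    peer uid owns that account."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "auth.sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(1)
        def serve_one():
            conn, _ = srv.accept()
            with conn:
                claimed = conn.recv(256).decode()
                conn.sendall(b"OK" if authenticate_peer(conn, claimed) else b"DENIED")
        worker = threading.Thread(target=serve_one)
        worker.start()
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
            cli.connect(path)
            cli.sendall(claimed_user.encode())
            reply = cli.recv(16)
        worker.join()
        srv.close()
        return reply == b"OK"
```

`demo(current_os_user())` succeeds while `demo("some-other-account")` is denied, which is exactly why a leaked config file gains nothing here: the uid comes from the kernel, not from anything the application stores.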