[patch] UNIX sockets support for lwresd
Danny Mayer
mayer at gis.net
Tue Jan 17 17:58:31 UTC 2012
On 1/17/2012 5:57 AM, Ben Laurie wrote:
>
>
> On 17 January 2012 04:31, Danny Mayer <mayer at gis.net
> <mailto:mayer at gis.net>> wrote:
>
> This breaks O/S's that don't support Unix sockets, specifically Windows.
> Please explain why Unix domain sockets are more effective and secure
> rather than using localhost with standard sockets.
>
>
> It is a common misconception that using localhost provides locality -
> this is only true in the strong host model. So, "more secure" is easy to
> explain: only local processes can connect to unix domain sockets, even
> in the weak host model. This point is independent of Capsicum, of course.
>
It's a common misconception that using 127.0.0.1 and ::1 is somehow
insecure. Any system allowing packets with those addresses out on the
network would cause havoc and you'd have far bigger problems than this
application.
Danny
More information about the bind-users
mailing list