It looks like PostgreSQL supports either of the below:
- Use TCP (i.e. localhost:5432) with password authentication
- Use a Unix domain socket (i.e. /var/run/postgresql/.s.PGSQL.5432) with peer/trust authentication
Is it possible to have a password with a Unix domain socket?
Background:
I use php-fpm to run multiple apps. I want different apps to have different databases and passwords, but they will be run as the same user (www-data). So peer/trust authentication is not good, since if one app is compromised, it can read the data of the other app too. I cannot use TCP auth either, as I run the php-fpm service with PrivateNetwork=yes to make sure the apps can't make outside requests. Also, Unix domain sockets have better performance than TCP.
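
For reference, an added example that is not part of the original post: a `pg_hba.conf` fragment in which `local` (Unix-socket) rules use the `scram-sha-256` password method, with the peer/trust lines from the question shown commented out for comparison. The database and role names (`app1_db`, `app1_user`, `app2_db`, `app2_user`) are hypothetical.

```conf
# pg_hba.conf (constructed example; database and role names are hypothetical)
# Format for Unix-socket rules: local  DATABASE  USER  METHOD
# Rules are evaluated top to bottom and the first matching line wins.

# Weak for the setup described above, where every app runs as www-data:
# "trust" asks for no credential at all, and "peer" only compares the
# OS user name with the role name, so both apps would share one role.
# local   all        all         trust
# local   all        all         peer

# Administrative access for the postgres OS user stays on peer.
local   all        postgres    peer

# Per-app rules: the connection uses the socket, a password is still
# required, and each role is only admitted to its own database.
local   app1_db    app1_user   scram-sha-256
local   app2_db    app2_user   scram-sha-256

# Anything else arriving over the socket is refused.
local   all        all         reject
```

The server has to reload its configuration before changes to `pg_hba.conf` take effect. libpq-based clients select the socket when the host parameter is a directory path such as `/var/run/postgresql`.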