I’m new to FDB but didn’t find this raised anywhere already - apologies if not.
I’d like to be able to ensure that there is no way for another user application on the same box to be able to use the TCPIP connection to get direct access to the underlying FDB, and bypass my application’s own security permissions.
For the reasonably common scenario of the FDB server + client application being co-located, it would be great to be able to use a UDS (UNIX Domain Socket) for connectivity, rather than TCP (+ potentially TLS). This would be faster, and significantly easier to secure. I’m aware that right now I don’t have a working application, and therefore an actual performance/security constraint.
With UDS I could simply set appropriate file system permissions, and be sure that only root users could bypass that.