| 1 |
Joseph <syscon780@×××××.com> wrote: |
| 2 |
|
| 3 |
>On 04/23/13 15:57, J. Roeleveld wrote: |
| 4 |
>>On Tue, April 23, 2013 14:37, Joseph wrote: |
| 5 |
>>> On 04/23/13 10:07, J. Roeleveld wrote: |
| 6 |
>>>>On Tue, April 23, 2013 02:17, Joseph wrote: |
| 7 |
>>>>> In my "pg_hba.conf" I have: |
| 8 |
>>>>> |
| 9 |
>>>>> local all all trust |
| 10 |
>>>>> host all all 127.0.0.1/32 |
| 11 |
>trust |
| 12 |
>>>>> |
| 13 |
>>>>> I was under impression that this is configuration is for localhost |
| 14 |
>>>>> "127.0.0.1" access only. |
| 15 |
>>>>> But to my surprise I can access my database from other machine on |
| 16 |
>my |
| 17 |
>>>>> network and even from another sub-network that I'm connected to |
| 18 |
>via VPN |
| 19 |
>>>>> |
| 20 |
>>>>> How this authentication/access work? |
| 21 |
>>>> |
| 22 |
>>>>Normally that should be sufficient. |
| 23 |
>>>>On which machine does the client-software run? |
| 24 |
>>>> |
| 25 |
>>>>-- |
| 26 |
>>>>Joost Roeleveld |
| 27 |
>>> |
| 28 |
>>> postgresql server runs on my machine but all other machines on the |
| 29 |
>network |
| 30 |
>>> including the one on remote location that I'm connected to via VPN |
| 31 |
>can |
| 32 |
>>> connect to postgresql |
| 33 |
>>> database. |
| 34 |
>>> I don't want other machine to have access to my server database. |
| 35 |
>>> |
| 36 |
>>> Even with a single line in pg_hba.conf |
| 37 |
>>> local all all trust |
| 38 |
>>> |
| 39 |
>>> all other machine on the network can connect to my postgresql |
| 40 |
>database. |
| 41 |
>> |
| 42 |
>>If the PostgreSQL database is running on machine X. |
| 43 |
>>And you are using machine Y. |
| 44 |
>> |
| 45 |
>>What command do you type to connect on machine Y? |
| 46 |
>> |
| 47 |
>>-- |
| 48 |
>>Joost |
| 49 |
> |
| 50 |
>I'm using SQL-Ledger (firefox) to access the postgresql. |
| 51 |
>Brief history: |
| 52 |
>I had a problem in the past when I upgraded to posgresql-9.1, all of a |
| 53 |
>sudden I could not access the sql-ledger. |
| 54 |
> |
| 55 |
>The solution was to add "postgres group" to apache user. |
| 56 |
>The reason for it was the change in directory permission: |
| 57 |
> |
| 58 |
>postgresql 8.x |
| 59 |
>drwxrwx--x 2 postgres postgres 4096 Dec 14 19:57 /var/run/postgresql/ |
| 60 |
> |
| 61 |
>postgresql 9.x |
| 62 |
>drwxrwx--- 2 postgres postgres 4096 Dec 19 13:21 /var/run/postgresql/ |
| 63 |
> |
| 64 |
>So: |
| 65 |
>groups apache |
| 66 |
>apache postgres |
| 67 |
> |
| 68 |
>groups postgres |
| 69 |
>postgres |
| 70 |
> |
| 71 |
>I hope this is correct as adding group "apache" to postgres user does |
| 72 |
>not work. |
| 73 |
> |
| 74 |
>But I just realized that any user from local network can access my |
| 75 |
>sql-ledger using browser. |
| 76 |
>-- |
| 77 |
>Joseph |
| 78 |
|
| 79 |
Joseph. |
| 80 |
|
| 81 |
I am guessing Apache is running on the same machine as your Postgresql server? |
| 82 |
|
| 83 |
In this case. The connection will always originate from localhost and Postgresql is behaving as it should. |
| 84 |
|
| 85 |
You will need to secure access to the website to avoid people accessing it. |
| 86 |
|
| 87 |
Kind regards |
| 88 |
|
| 89 |
Joost Roeleveld |
| 90 |
-- |
| 91 |
Sent from my Android phone with K-9 Mail. Please excuse my brevity. |
Archives