1 |
Joseph <syscon780@×××××.com> wrote: |
2 |
|
3 |
>On 04/23/13 15:57, J. Roeleveld wrote: |
4 |
>>On Tue, April 23, 2013 14:37, Joseph wrote: |
5 |
>>> On 04/23/13 10:07, J. Roeleveld wrote: |
6 |
>>>>On Tue, April 23, 2013 02:17, Joseph wrote: |
7 |
>>>>> In my "pg_hba.conf" I have: |
8 |
>>>>> |
9 |
>>>>> local all all trust |
10 |
>>>>> host all all 127.0.0.1/32 |
11 |
>trust |
12 |
>>>>> |
13 |
>>>>> I was under impression that this is configuration is for localhost |
14 |
>>>>> "127.0.0.1" access only. |
15 |
>>>>> But to my surprise I can access my database from other machine on |
16 |
>my |
17 |
>>>>> network and even from another sub-network that I'm connected to |
18 |
>via VPN |
19 |
>>>>> |
20 |
>>>>> How this authentication/access work? |
21 |
>>>> |
22 |
>>>>Normally that should be sufficient. |
23 |
>>>>On which machine does the client-software run? |
24 |
>>>> |
25 |
>>>>-- |
26 |
>>>>Joost Roeleveld |
27 |
>>> |
28 |
>>> postgresql server runs on my machine but all other machines on the |
29 |
>network |
30 |
>>> including the one on remote location that I'm connected to via VPN |
31 |
>can |
32 |
>>> connect to postgresql |
33 |
>>> database. |
34 |
>>> I don't want other machine to have access to my server database. |
35 |
>>> |
36 |
>>> Even with a single line in pg_hba.conf |
37 |
>>> local all all trust |
38 |
>>> |
39 |
>>> all other machine on the network can connect to my postgresql |
40 |
>database. |
41 |
>> |
42 |
>>If the PostgreSQL database is running on machine X. |
43 |
>>And you are using machine Y. |
44 |
>> |
45 |
>>What command do you type to connect on machine Y? |
46 |
>> |
47 |
>>-- |
48 |
>>Joost |
49 |
> |
50 |
>I'm using SQL-Ledger (firefox) to access the postgresql. |
51 |
>Brief history: |
52 |
>I had a problem in the past when I upgraded to posgresql-9.1, all of a |
53 |
>sudden I could not access the sql-ledger. |
54 |
> |
55 |
>The solution was to add "postgres group" to apache user. |
56 |
>The reason for it was the change in directory permission: |
57 |
> |
58 |
>postgresql 8.x |
59 |
>drwxrwx--x 2 postgres postgres 4096 Dec 14 19:57 /var/run/postgresql/ |
60 |
> |
61 |
>postgresql 9.x |
62 |
>drwxrwx--- 2 postgres postgres 4096 Dec 19 13:21 /var/run/postgresql/ |
63 |
> |
64 |
>So: |
65 |
>groups apache |
66 |
>apache postgres |
67 |
> |
68 |
>groups postgres |
69 |
>postgres |
70 |
> |
71 |
>I hope this is correct as adding group "apache" to postgres user does |
72 |
>not work. |
73 |
> |
74 |
>But I just realized that any user from local network can access my |
75 |
>sql-ledger using browser. |
76 |
>-- |
77 |
>Joseph |
78 |
|
79 |
Joseph. |
80 |
|
81 |
I am guessing Apache is running on the same machine as your Postgresql server? |
82 |
|
83 |
In this case. The connection will always originate from localhost and Postgresql is behaving as it should. |
84 |
|
85 |
You will need to secure access to the website to avoid people accessing it. |
86 |
|
87 |
Kind regards |
88 |
|
89 |
Joost Roeleveld |
90 |
-- |
91 |
Sent from my Android phone with K-9 Mail. Please excuse my brevity. |