| 1 |
On 04/23/13 15:57, J. Roeleveld wrote: |
| 2 |
>On Tue, April 23, 2013 14:37, Joseph wrote: |
| 3 |
>> On 04/23/13 10:07, J. Roeleveld wrote: |
| 4 |
>>>On Tue, April 23, 2013 02:17, Joseph wrote: |
| 5 |
>>>> In my "pg_hba.conf" I have: |
| 6 |
>>>> |
| 7 |
>>>> local all all trust |
| 8 |
>>>> host all all 127.0.0.1/32 trust |
| 9 |
>>>> |
| 10 |
>>>> I was under impression that this is configuration is for localhost |
| 11 |
>>>> "127.0.0.1" access only. |
| 12 |
>>>> But to my surprise I can access my database from other machine on my |
| 13 |
>>>> network and even from another sub-network that I'm connected to via VPN |
| 14 |
>>>> |
| 15 |
>>>> How this authentication/access work? |
| 16 |
>>> |
| 17 |
>>>Normally that should be sufficient. |
| 18 |
>>>On which machine does the client-software run? |
| 19 |
>>> |
| 20 |
>>>-- |
| 21 |
>>>Joost Roeleveld |
| 22 |
>> |
| 23 |
>> postgresql server runs on my machine but all other machines on the network |
| 24 |
>> including the one on remote location that I'm connected to via VPN can |
| 25 |
>> connect to postgresql |
| 26 |
>> database. |
| 27 |
>> I don't want other machine to have access to my server database. |
| 28 |
>> |
| 29 |
>> Even with a single line in pg_hba.conf |
| 30 |
>> local all all trust |
| 31 |
>> |
| 32 |
>> all other machine on the network can connect to my postgresql database. |
| 33 |
> |
| 34 |
>If the PostgreSQL database is running on machine X. |
| 35 |
>And you are using machine Y. |
| 36 |
> |
| 37 |
>What command do you type to connect on machine Y? |
| 38 |
> |
| 39 |
>-- |
| 40 |
>Joost |
| 41 |
|
| 42 |
I'm using SQL-Ledger (firefox) to access the postgresql. |
| 43 |
Brief history: |
| 44 |
I had a problem in the past when I upgraded to posgresql-9.1, all of a sudden I could not access the sql-ledger. |
| 45 |
|
| 46 |
The solution was to add "postgres group" to apache user. |
| 47 |
The reason for it was the change in directory permission: |
| 48 |
|
| 49 |
postgresql 8.x |
| 50 |
drwxrwx--x 2 postgres postgres 4096 Dec 14 19:57 /var/run/postgresql/ |
| 51 |
|
| 52 |
postgresql 9.x |
| 53 |
drwxrwx--- 2 postgres postgres 4096 Dec 19 13:21 /var/run/postgresql/ |
| 54 |
|
| 55 |
So: |
| 56 |
groups apache |
| 57 |
apache postgres |
| 58 |
|
| 59 |
groups postgres |
| 60 |
postgres |
| 61 |
|
| 62 |
I hope this is correct as adding group "apache" to postgres user does not work. |
| 63 |
|
| 64 |
But I just realized that any user from local network can access my sql-ledger using browser. |
| 65 |
-- |
| 66 |
Joseph |
Archives