1 |
On 04/23/13 15:57, J. Roeleveld wrote: |
2 |
>On Tue, April 23, 2013 14:37, Joseph wrote: |
3 |
>> On 04/23/13 10:07, J. Roeleveld wrote: |
4 |
>>>On Tue, April 23, 2013 02:17, Joseph wrote: |
5 |
>>>> In my "pg_hba.conf" I have: |
6 |
>>>> |
7 |
>>>> local all all trust |
8 |
>>>> host all all 127.0.0.1/32 trust |
9 |
>>>> |
10 |
>>>> I was under impression that this is configuration is for localhost |
11 |
>>>> "127.0.0.1" access only. |
12 |
>>>> But to my surprise I can access my database from other machine on my |
13 |
>>>> network and even from another sub-network that I'm connected to via VPN |
14 |
>>>> |
15 |
>>>> How this authentication/access work? |
16 |
>>> |
17 |
>>>Normally that should be sufficient. |
18 |
>>>On which machine does the client-software run? |
19 |
>>> |
20 |
>>>-- |
21 |
>>>Joost Roeleveld |
22 |
>> |
23 |
>> postgresql server runs on my machine but all other machines on the network |
24 |
>> including the one on remote location that I'm connected to via VPN can |
25 |
>> connect to postgresql |
26 |
>> database. |
27 |
>> I don't want other machine to have access to my server database. |
28 |
>> |
29 |
>> Even with a single line in pg_hba.conf |
30 |
>> local all all trust |
31 |
>> |
32 |
>> all other machine on the network can connect to my postgresql database. |
33 |
> |
34 |
>If the PostgreSQL database is running on machine X. |
35 |
>And you are using machine Y. |
36 |
> |
37 |
>What command do you type to connect on machine Y? |
38 |
> |
39 |
>-- |
40 |
>Joost |
41 |
|
42 |
I'm using SQL-Ledger (firefox) to access the postgresql. |
43 |
Brief history: |
44 |
I had a problem in the past when I upgraded to posgresql-9.1, all of a sudden I could not access the sql-ledger. |
45 |
|
46 |
The solution was to add "postgres group" to apache user. |
47 |
The reason for it was the change in directory permission: |
48 |
|
49 |
postgresql 8.x |
50 |
drwxrwx--x 2 postgres postgres 4096 Dec 14 19:57 /var/run/postgresql/ |
51 |
|
52 |
postgresql 9.x |
53 |
drwxrwx--- 2 postgres postgres 4096 Dec 19 13:21 /var/run/postgresql/ |
54 |
|
55 |
So: |
56 |
groups apache |
57 |
apache postgres |
58 |
|
59 |
groups postgres |
60 |
postgres |
61 |
|
62 |
I hope this is correct as adding group "apache" to postgres user does not work. |
63 |
|
64 |
But I just realized that any user from local network can access my sql-ledger using browser. |
65 |
-- |
66 |
Joseph |