| 1 |
On Thu, April 25, 2013 14:35, Joseph wrote: |
| 2 |
> On 04/25/13 09:10, J. Roeleveld wrote: |
| 3 |
>>On Thu, April 25, 2013 07:48, Joseph wrote: |
| 4 |
>> |
| 5 |
>><SNIP> |
| 6 |
>> |
| 7 |
>>> I just tried as you suggested, the only active line in: pg_hba.conf |
| 8 |
>>> local all all trust |
| 9 |
>>> |
| 10 |
>>> anything else is commented out. I restarted the server but I still can |
| 11 |
>>> connect to postgresql from another computer via Firefox. |
| 12 |
>> |
| 13 |
>>Joseph, |
| 14 |
>> |
| 15 |
>>Let me put it in really simple terms: |
| 16 |
>>1) Firefox is NOT a database client, it can NOT connect to a database |
| 17 |
>>2) Firefox IS a webbrowser, it ONLY connects to a webserver |
| 18 |
>> |
| 19 |
>>This means, Postgresql will NOT see ANY connection made by Firefox. |
| 20 |
>> |
| 21 |
>>The website you have running ON TOP OFF apache makes the connection to |
| 22 |
>>Postgresql. |
| 23 |
>> |
| 24 |
>>Eg. it goes like the following: |
| 25 |
>> |
| 26 |
>>User <-> Firefox <-> Apache/website <-> Postgresql |
| 27 |
>> |
| 28 |
>>Any of the above can ONLY see their immediate neighbour. |
| 29 |
>> |
| 30 |
>>-- |
| 31 |
>>Joost |
| 32 |
> |
| 33 |
> So pg_hba.conf only controls direct connections to postgreSQL. |
| 34 |
|
| 35 |
Correct. |
| 36 |
|
| 37 |
> Since "apache" group is in postgres user; apache was given permission to |
| 38 |
> access the database in this case py-passing the setting in pg_hba.conf |
| 39 |
|
| 40 |
Wrong, Postgresql does not check group-ownership. Your pg_hba.conf file |
| 41 |
will have a setting that allows Apache to connect. |
| 42 |
|
| 43 |
> Is there a way to force sequence: |
| 44 |
> Apache/website <-> pg_hba.conf <-> Postgresql |
| 45 |
|
| 46 |
Postgresql will always read the pg_hba.conf file and use that to determine |
| 47 |
who can and can not connect directly to Postgresql. |
| 48 |
|
| 49 |
-- |
| 50 |
Joost |
Archives