1 |
On Thu, April 25, 2013 14:35, Joseph wrote: |
2 |
> On 04/25/13 09:10, J. Roeleveld wrote: |
3 |
>>On Thu, April 25, 2013 07:48, Joseph wrote: |
4 |
>> |
5 |
>><SNIP> |
6 |
>> |
7 |
>>> I just tried as you suggested, the only active line in: pg_hba.conf |
8 |
>>> local all all trust |
9 |
>>> |
10 |
>>> anything else is commented out. I restarted the server but I still can |
11 |
>>> connect to postgresql from another computer via Firefox. |
12 |
>> |
13 |
>>Joseph, |
14 |
>> |
15 |
>>Let me put it in really simple terms: |
16 |
>>1) Firefox is NOT a database client, it can NOT connect to a database |
17 |
>>2) Firefox IS a webbrowser, it ONLY connects to a webserver |
18 |
>> |
19 |
>>This means, Postgresql will NOT see ANY connection made by Firefox. |
20 |
>> |
21 |
>>The website you have running ON TOP OFF apache makes the connection to |
22 |
>>Postgresql. |
23 |
>> |
24 |
>>Eg. it goes like the following: |
25 |
>> |
26 |
>>User <-> Firefox <-> Apache/website <-> Postgresql |
27 |
>> |
28 |
>>Any of the above can ONLY see their immediate neighbour. |
29 |
>> |
30 |
>>-- |
31 |
>>Joost |
32 |
> |
33 |
> So pg_hba.conf only controls direct connections to postgreSQL. |
34 |
|
35 |
Correct. |
36 |
|
37 |
> Since "apache" group is in postgres user; apache was given permission to |
38 |
> access the database in this case py-passing the setting in pg_hba.conf |
39 |
|
40 |
Wrong, Postgresql does not check group-ownership. Your pg_hba.conf file |
41 |
will have a setting that allows Apache to connect. |
42 |
|
43 |
> Is there a way to force sequence: |
44 |
> Apache/website <-> pg_hba.conf <-> Postgresql |
45 |
|
46 |
Postgresql will always read the pg_hba.conf file and use that to determine |
47 |
who can and can not connect directly to Postgresql. |
48 |
|
49 |
-- |
50 |
Joost |