Gentoo Archives: gentoo-user

From: "Dustin C. Hatch" <admiralnemo@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only
Date: Thu, 25 Apr 2013 05:16:26
Message-Id: 5178BC1D.40805@gmail.com
In Reply to: Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only by Joseph
On 4/24/2013 19:23, Joseph wrote:
> The above is not correct as users from any machine on a local network
> can connect to my database.
>
In the scenario you described, as Joost explained, the users on your
network are *not* connecting to your database; they are connecting to a
website. The web server is connecting to the database on their behalf.
PostgreSQL's host-based authentication controls only who accesses the
database directly, not who accesses the applications that use it.

> If I put a line in pg_hba.conf
> host all 127.0.0.1 255.255.255.255 trust
>
This line is not valid. pg_hba.conf entries take the form

type database user [address] method [options]

"type" can be 'local' (connections over a Unix socket), 'host'
(connections over TCP, maybe using SSL), 'hostssl' (connections over TCP
using SSL), 'hostnossl' (connections over TCP not using SSL).

To achieve what I think you are looking for, just remove all lines from
pg_hba.conf except this one::

local all all trust

This will prevent anyone from connecting to your databases using TCP at
all. If you really need TCP from the localhost instead of Unix sockets,
you can also add this line::

host all all 127.0.0.1/32 trust

> postgresql will not even start, I get an error message:
> FATAL: could not load pg_hba.conf
> LOG: invalid IP mask "trust": Name or service not known
>
>

I would strongly advise you read all of the PostgreSQL documentation
before you expose a database to the world. Specifically, please read the
official page about pg_hba.conf[1].

[1] http://www.postgresql.org/docs/9.2/interactive/auth-pg-hba-conf.html

Regards,

--
♫Dustin
http://dustin.hatch.name/
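
The record format described in the message above can be checked mechanically. The following Python sketch is an added example, not part of the original message and not PostgreSQL's own parser: it splits each record into fields the way the message lays them out, shows why the five-field line shifts "trust" into the netmask position, and flags `trust` on any non-loopback address. The function name `check_hba_line` and the sample records are assumptions made for illustration.

```python
import ipaddress

TCP_TYPES = {"host", "hostssl", "hostnossl"}

def check_hba_line(line):
    """Classify one pg_hba.conf record as 'ok', 'warn: ...' or 'error: ...'.

    Simplified: handles IP addresses only (no hostnames, samehost/samenet,
    quoting or include files).
    """
    fields = line.split("#", 1)[0].split()
    if not fields:
        return "ok"  # blank line or comment
    rtype, rest = fields[0], fields[1:]
    if rtype == "local":
        # local database user method [options]
        return "ok" if len(rest) >= 3 else "error: local needs database user method"
    if rtype not in TCP_TYPES:
        return f"error: unknown type {rtype!r}"
    if len(rest) < 4:
        return "error: host needs database user address method"
    addr, rest = rest[2], rest[3:]
    try:
        if "/" in addr:
            net = ipaddress.ip_network(addr, strict=False)
        else:
            # Bare IP: the next field is read as a netmask, not as the method.
            ipaddress.ip_address(addr)
            mask, rest = rest[0], rest[1:]
            try:
                ipaddress.ip_address(mask)
            except ValueError:
                return f'error: invalid IP mask "{mask}"'
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    except ValueError:
        return f"error: invalid address {addr!r}"
    if not rest:
        return "error: missing method"
    if rest[0] == "trust" and not net.is_loopback:
        return f"warn: trust for non-loopback {net}"
    return "ok"

# Constructed sample records; the first is the line quoted in the message.
SAMPLES = [
    "host all 127.0.0.1 255.255.255.255 trust",
    "local all all trust",
    "host all all 127.0.0.1/32 trust",
    "host all all 192.168.1.0/24 trust",
]
if __name__ == "__main__":
    for record in SAMPLES:
        print(f"{record!r}: {check_hba_line(record)}")
```

With the user field missing, `127.0.0.1` is taken as the user and `255.255.255.255` as the address, so `trust` lands where a netmask is expected, which is the failure reported in the quoted log.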
