1 |
On 04/24/13 22:27, J. Roeleveld wrote: |
2 |
[snip] |
3 |
>> |
4 |
>>Thank you for explanation. |
5 |
>> |
6 |
>>That is what I'm confused about. When I connect to "pstgresql" |
7 |
>>database from the same machine as postgres is running on I can |
8 |
>>understand. |
9 |
>>It is a local connection from localhost (127.0.0.1) so everybody is |
10 |
>>allowed but I don't understand why users on the local network can |
11 |
>>connect to my machine and login |
12 |
>>using apache when their IP is different. |
13 |
>> |
14 |
>>-- |
15 |
>>Joseph |
16 |
> |
17 |
>Joseph. |
18 |
> |
19 |
>The connection to the database is done by apache. Apache connects from the server where Apache is running. |
20 |
> |
21 |
>Postgresql does not know nor even care where the connection to apache originates from. It only sees apache connecting to it. |
22 |
> |
23 |
>If you want to prevent people from accessing the website. You will need to configure the restriction in Apache or in a firewall. |
24 |
> |
25 |
>A webbrowser will NOT connect directly to the database. With a lot of larger applications this will not even be possible because the database is on a seperate server where the firewall is only allowing the webserver to access the database. |
26 |
> |
27 |
>Restricting access to a website by setting restrictions on the database server uswd by the website is pointless. |
28 |
> |
29 |
>-- |
30 |
>Joost Roeleveld |
31 |
|
32 |
Thank you, now this is clear, so that pg_hba.conf has a limited use. |
33 |
So simple statement in apache directory: Allow from localhost |
34 |
will fix the issue. |
35 |
|
36 |
When it comes to database. How can I limit certain users from certain IP to only one database. |
37 |
I don't thing this is possible via apache! |
38 |
|
39 |
The line: "local all all trust" |
40 |
will give access to everybody. |
41 |
|
42 |
How those line in pg_hba.conf should look if I want user from remote computer to access only one database? |
43 |
Is it: |
44 |
local my_database all trust |
45 |
local others_database all ident alex |
46 |
|
47 |
Does "ident" refers to user who is allow to login into database? |
48 |
How to list users for a particular database? |
49 |
|
50 |
Thank you for your explanations. |
51 |
-- |
52 |
Joseph |