| 1 |
On 04/24/13 22:27, J. Roeleveld wrote: |
| 2 |
> |
| 3 |
>The connection to the database is done by apache. Apache connects from the server where Apache is running. |
| 4 |
> |
| 5 |
>Postgresql does not know nor even care where the connection to apache originates from. It only sees apache connecting to it. |
| 6 |
> |
| 7 |
>If you want to prevent people from accessing the website. You will need to configure the restriction in Apache or in a firewall. |
| 8 |
> |
| 9 |
>A webbrowser will NOT connect directly to the database. With a lot of larger applications this will not even be possible because the database is on a seperate server where the firewall is only allowing the webserver to access the database. |
| 10 |
> |
| 11 |
>Restricting access to a website by setting restrictions on the database server uswd by the website is pointless. |
| 12 |
> |
| 13 |
>-- |
| 14 |
>Joost Roeleveld |
| 15 |
|
| 16 |
Those postgresql instructions are very,very confusing, for example on the following webpage: |
| 17 |
http://www.linuxtopia.org/online_books/database_guides/Practical_PostgreSQL_database/c15679_002.htm |
| 18 |
|
| 19 |
it states: |
| 20 |
---copy---- |
| 21 |
local |
| 22 |
|
| 23 |
A local entry is semantically the same as a host entry. However, you do not need to specify a host that is allowed to connect. The local entry is used for client |
| 24 |
connections that are initiated from the same machine that the PostgreSQL server is operating on. |
| 25 |
---end copy--- |
| 26 |
|
| 27 |
The above is not correct as users from any machine on a local network can connect to my database. |
| 28 |
|
| 29 |
If I put a line in pg_hba.conf |
| 30 |
host all 127.0.0.1 255.255.255.255 trust |
| 31 |
|
| 32 |
postgresql will not even starts, I get an error message: |
| 33 |
FATAL: could not load pg_hba.conf |
| 34 |
LOG: invalid IP mask "trust": Name or service not known |
| 35 |
|
| 36 |
|
| 37 |
-- |
| 38 |
Joseph |
Archives