On 04/24/13 22:27, J. Roeleveld wrote:
>
>The connection to the database is done by apache. Apache connects from the server where Apache is running.
>
>Postgresql does not know nor even care where the connection to apache originates from. It only sees apache connecting to it.
>
>If you want to prevent people from accessing the website, you will need to configure the restriction in Apache or in a firewall.
>
>A webbrowser will NOT connect directly to the database. With a lot of larger applications this will not even be possible because the database is on a separate server where the firewall is only allowing the webserver to access the database.
>
>Restricting access to a website by setting restrictions on the database server used by the website is pointless.
>
>--
>Joost Roeleveld
|
Those postgresql instructions are very, very confusing, for example on the following webpage:
http://www.linuxtopia.org/online_books/database_guides/Practical_PostgreSQL_database/c15679_002.htm

it states:
---copy----
local

A local entry is semantically the same as a host entry. However, you do not need to specify a host that is allowed to connect. The local entry is used for client connections that are initiated from the same machine that the PostgreSQL server is operating on.
---end copy---
|
The above is not correct as users from any machine on a local network can connect to my database.

If I put a line in pg_hba.conf
host all 127.0.0.1 255.255.255.255 trust

postgresql will not even start, I get an error message:
FATAL: could not load pg_hba.conf
LOG: invalid IP mask "trust": Name or service not known

--
Joseph
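
The error reported above can be traced by reading the rejected line column by column. The following sketch is an added example, not part of the original message or of PostgreSQL itself; it assumes the pg_hba.conf column layout from the PostgreSQL documentation (type, database, user, address, optional mask, method), and `check_hba_line` and the corrected sample line are constructed for illustration.

```python
import ipaddress

# Column layout assumed from the PostgreSQL documentation for pg_hba.conf:
#   local  DATABASE USER METHOD [OPTIONS]
#   host   DATABASE USER ADDRESS METHOD [OPTIONS]        (ADDRESS in CIDR form)
#   host   DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTIONS]
HOST_TYPES = {"host", "hostssl", "hostnossl"}


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def check_hba_line(line):
    """Return (fields, problems) for one pg_hba.conf record (hypothetical helper)."""
    tokens = line.split("#", 1)[0].split()
    fields, problems = {}, []
    if not tokens:
        return fields, problems
    fields["type"] = tokens[0]
    if tokens[0] == "local":
        names = ["database", "user", "method"]
    elif tokens[0] in HOST_TYPES:
        # A bare IP in the address column (no "/") means the next token is read as the mask.
        bare = len(tokens) > 3 and "/" not in tokens[3] and _is_ip(tokens[3])
        names = ["database", "user", "address"] + (["mask"] if bare else []) + ["method"]
    else:
        return fields, [f"unknown record type {tokens[0]!r}"]
    fields.update(zip(names, tokens[1:]))
    missing = [n for n in names if n not in fields]
    if missing:
        problems.append("missing column(s): " + ", ".join(missing))
    if "mask" in fields and not _is_ip(fields["mask"]):
        problems.append(f"invalid IP mask {fields['mask']!r}")
    if _is_ip(fields.get("user", "")):
        problems.append(f"user column holds an IP address ({fields['user']}); USER column probably omitted")
    if fields.get("method") == "trust" and tokens[0] in HOST_TYPES:
        problems.append("trust on a TCP record: no password is asked of matching clients")
    return fields, problems


# The line from the message above, then a constructed form with the USER column present.
BROKEN = "host all 127.0.0.1 255.255.255.255 trust"
FIXED = "host all all 127.0.0.1 255.255.255.255 md5"
```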