1 |
Joseph <syscon780@×××××.com> wrote: |
2 |
|
3 |
>On 04/24/13 07:11, J. Roeleveld wrote: |
4 |
>>On Wed, April 24, 2013 00:16, Joseph wrote: |
5 |
>>> On 04/23/13 20:10, J. Roeleveld wrote: |
6 |
>> |
7 |
>><SNIP> |
8 |
>> |
9 |
>> |
10 |
>>>>I am guessing Apache is running on the same machine as your |
11 |
>Postgresql |
12 |
>>>> server? |
13 |
>>>> |
14 |
>>>>In this case. The connection will always originate from localhost |
15 |
>and |
16 |
>>>> Postgresql is behaving as it should. |
17 |
>>>> |
18 |
>>>>You will need to secure access to the website to avoid people |
19 |
>accessing |
20 |
>>>> it. |
21 |
>>>> |
22 |
>>> |
23 |
>>> Yes, every machine I run has apache on it, so Postgresql server |
24 |
>runs on |
25 |
>>> it as well. |
26 |
>>> If I'm connecting from another network machine to a server, how does |
27 |
>it |
28 |
>>> originate from localhost? |
29 |
>>> |
30 |
>>> Something is not correct. |
31 |
>> |
32 |
>>I'll try to explain. |
33 |
>> |
34 |
>>When you connect to the website (Apache) the connection Apache sees |
35 |
>>originates from your machine. |
36 |
>> |
37 |
>>When Apache then needs to access PostgreSQL to access the data needed |
38 |
>for |
39 |
>>the website, Postgresql sees the connection originating from Apache, |
40 |
>which |
41 |
>>is running on the same machine. |
42 |
>> |
43 |
>>-- |
44 |
>>Joost |
45 |
> |
46 |
>Thank you for explanation. |
47 |
> |
48 |
>That is what I'm confused about. When I connect to "pstgresql" |
49 |
>database from the same machine as postgres is running on I can |
50 |
>understand. |
51 |
>It is a local connection from localhost (127.0.0.1) so everybody is |
52 |
>allowed but I don't understand why users on the local network can |
53 |
>connect to my machine and login |
54 |
>using apache when their IP is different. |
55 |
> |
56 |
>-- |
57 |
>Joseph |
58 |
|
59 |
Joseph. |
60 |
|
61 |
The connection to the database is done by apache. Apache connects from the server where Apache is running. |
62 |
|
63 |
Postgresql does not know nor even care where the connection to apache originates from. It only sees apache connecting to it. |
64 |
|
65 |
If you want to prevent people from accessing the website. You will need to configure the restriction in Apache or in a firewall. |
66 |
|
67 |
A webbrowser will NOT connect directly to the database. With a lot of larger applications this will not even be possible because the database is on a seperate server where the firewall is only allowing the webserver to access the database. |
68 |
|
69 |
Restricting access to a website by setting restrictions on the database server uswd by the website is pointless. |
70 |
|
71 |
-- |
72 |
Joost Roeleveld |
73 |
-- |
74 |
Sent from my Android phone with K-9 Mail. Please excuse my brevity. |