| 1 |
On 04/25/13 00:16, Dustin C. Hatch wrote: |
| 2 |
>On 4/24/2013 19:23, Joseph wrote: |
| 3 |
>> The above is not correct as users from any machine on a local network |
| 4 |
>> can connect to my database. |
| 5 |
>> |
| 6 |
>In the scenario you described, as Joost explained, the users on your |
| 7 |
>network are *not* connecting to your database; they are connecting to a |
| 8 |
>website. The web server is connecting to the database on their behalf. |
| 9 |
>PostgreSQL's host-based authentication controls only who access the |
| 10 |
>database directly, not who access the applications that use it. |
| 11 |
> |
| 12 |
>> If I put a line in pg_hba.conf |
| 13 |
>> host all 127.0.0.1 255.255.255.255 trust |
| 14 |
>> |
| 15 |
>This line is not valid. pg_hba.conf entries take the form |
| 16 |
> |
| 17 |
>type database user [address] method [options] |
| 18 |
> |
| 19 |
>"type" can be 'local' (connections over a Unix socket), 'host' |
| 20 |
>(connections over TCP, maybe using SSL), 'hostssl' (connections over TCP |
| 21 |
>using SSL), 'hostnossl' (connections over TCP not using SSL). |
| 22 |
> |
| 23 |
>To achieve what I think you are looking for, just remove all lines from |
| 24 |
>pg_hba.conf except this one:: |
| 25 |
> |
| 26 |
> local all all trust |
| 27 |
> |
| 28 |
>This will prevent anyone from connecting to your databases using TCP at |
| 29 |
>all. If you really need TCP from the localhost instead of Unix sockets, |
| 30 |
>you can also add this line:: |
| 31 |
|
| 32 |
I just tried as you suggested, the only active line in: pg_hba.conf |
| 33 |
local all all trust |
| 34 |
|
| 35 |
anything else is commented out. I restarted the server but I still can connect to postgresql from another computer via Firefox. |
| 36 |
I'm trying to produce meaning-full report to see if I can record remote connection from external computer so I have enable in: postgresql.conf |
| 37 |
|
| 38 |
max_connections = 100 |
| 39 |
shared_buffers = 24MB |
| 40 |
log_destination = 'syslog' |
| 41 |
logging_collector = on |
| 42 |
log_directory = 'pg_log' |
| 43 |
log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' |
| 44 |
log_file_mode = 0600 |
| 45 |
syslog_facility = 'LOCAL0' |
| 46 |
syslog_ident = 'postgres' |
| 47 |
client_min_messages = notice |
| 48 |
log_min_messages = notice |
| 49 |
log_checkpoints = on |
| 50 |
log_connections = on |
| 51 |
log_disconnections = on |
| 52 |
log_error_verbosity = verbose |
| 53 |
log_hostname = on |
| 54 |
datestyle = 'iso, mdy' |
| 55 |
lc_messages = 'en_US.UTF-8' |
| 56 |
lc_monetary = 'en_US.UTF-8' |
| 57 |
lc_numeric = 'en_US.UTF-8' |
| 58 |
lc_time = 'en_US.UTF-8' |
| 59 |
default_text_search_config = 'pg_catalog.english' |
| 60 |
|
| 61 |
But I don't see any indication in any report which computer is the connection coming from. |
| 62 |
|
| 63 |
-- |
| 64 |
Joseph |
Archives