On 04/25/13 00:16, Dustin C. Hatch wrote:
>On 4/24/2013 19:23, Joseph wrote:
>> The above is not correct as users from any machine on a local network
>> can connect to my database.
>>
>In the scenario you described, as Joost explained, the users on your
>network are *not* connecting to your database; they are connecting to a
>website. The web server is connecting to the database on their behalf.
>PostgreSQL's host-based authentication controls only who accesses the
>database directly, not who accesses the applications that use it.
>
>> If I put a line in pg_hba.conf
>> host all 127.0.0.1 255.255.255.255 trust
>>
>This line is not valid. pg_hba.conf entries take the form
>
>type database user [address] method [options]
>
>"type" can be 'local' (connections over a Unix socket), 'host'
>(connections over TCP, maybe using SSL), 'hostssl' (connections over TCP
>using SSL), 'hostnossl' (connections over TCP not using SSL).
>
>To achieve what I think you are looking for, just remove all lines from
>pg_hba.conf except this one::
>
> local all all trust
>
>This will prevent anyone from connecting to your databases using TCP at
>all. If you really need TCP from the localhost instead of Unix sockets,
>you can also add this line::

I just tried as you suggested, the only active line in: pg_hba.conf
local all all trust

anything else is commented out. I restarted the server but I still can connect to postgresql from another computer via Firefox.
I'm trying to produce a meaningful report to see if I can record remote connection from external computer so I have enabled in: postgresql.conf

max_connections = 100
shared_buffers = 24MB
log_destination = 'syslog'
logging_collector = on
log_directory = 'pg_log'
log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'
log_file_mode = 0600
syslog_facility = 'LOCAL0'
syslog_ident = 'postgres'
client_min_messages = notice
log_min_messages = notice
log_checkpoints = on
log_connections = on
log_disconnections = on
log_error_verbosity = verbose
log_hostname = on
datestyle = 'iso, mdy'
lc_messages = 'en_US.UTF-8'
lc_monetary = 'en_US.UTF-8'
lc_numeric = 'en_US.UTF-8'
lc_time = 'en_US.UTF-8'
default_text_search_config = 'pg_catalog.english'

But I don't see any indication in any report which computer is the connection coming from.

--
Joseph
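
As an added illustration (not part of the original thread, and not PostgreSQL's own parser), the Python below checks pg_hba.conf lines against the record form quoted above and shows why the entry without a user column is rejected while the same entry with one parses. It assumes numeric addresses only (CIDR, or an IP followed by a netmask); the names parse_hba_line, audit and tcp_records are hypothetical, and the sample lines are constructed from the ones in this message.

```python
import ipaddress

TCP_TYPES = {"host", "hostssl", "hostnossl"}  # TCP record types named in the reply

def parse_hba_line(line):
    """Parse one record; None for blank/comment lines, ValueError if malformed."""
    f = line.split("#", 1)[0].split()  # assumption: no quoted fields containing '#'
    if not f:
        return None
    if f[0] == "local":                # local database user method [options]
        if len(f) < 4:
            raise ValueError("expected: local database user method")
        address, rest = None, f[3:]
    elif f[0] in TCP_TYPES:            # host database user address method [options]
        if len(f) < 5:
            raise ValueError("expected: %s database user address method" % f[0])
        addr, rest = f[3], f[4:]
        if "/" not in addr:            # "IP netmask" form spans two columns
            addr, rest = addr + "/" + rest[0], rest[1:]
        try:                           # assumption: numeric addresses only
            address = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            raise ValueError("address must be CIDR or an IP followed by a netmask") from None
        if not rest:
            raise ValueError("missing authentication method")
    else:
        raise ValueError("unknown record type %r" % f[0])
    return dict(type=f[0], database=f[1], user=f[2], address=address, method=rest[0])

def audit(text):  # returns (valid records, [(line number, error message)])
    records, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            rec = parse_hba_line(line)
            if rec:
                records.append(rec)
        except ValueError as exc:
            errors.append((n, str(exc)))
    return records, errors

def tcp_records(records):  # records that admit clients over TCP at all
    return [r for r in records if r["type"] in TCP_TYPES]

# Constructed sample: line 2 is the entry from this thread, line 3 adds a user column.
SAMPLE = ("local all all trust\n"
          "host all 127.0.0.1 255.255.255.255 trust\n"
          "host all all 127.0.0.1 255.255.255.255 trust\n")

print(audit(SAMPLE)[1])
```

With only the `local` record active, tcp_records() returns an empty list, which is the state the reply describes as preventing any TCP connection to the database.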