From: "J. Roeleveld" <joost@antarean.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only
Date: Tue, 23 Apr 2013 20:10:12 +0200
Message-ID: <02354e00-f504-43d7-a22a-608aee8e7724@email.android.com>
In-Reply-To: <20130423154742.GC19375@syscon7.inet>
Joseph <syscon780@gmail.com> wrote:
>On 04/23/13 15:57, J. Roeleveld wrote:
>>On Tue, April 23, 2013 14:37, Joseph wrote:
>>> On 04/23/13 10:07, J. Roeleveld wrote:
>>>>On Tue, April 23, 2013 02:17, Joseph wrote:
>>>>> In my "pg_hba.conf" I have:
>>>>>
>>>>> local all all trust
>>>>> host all all 127.0.0.1/32 trust
>>>>>
>>>>> I was under the impression that this configuration is for localhost
>>>>> "127.0.0.1" access only.
>>>>> But to my surprise I can access my database from another machine on my
>>>>> network and even from another sub-network that I'm connected to via VPN.
>>>>>
>>>>> How does this authentication/access work?
>>>>
>>>>Normally that should be sufficient.
>>>>On which machine does the client-software run?
>>>>
>>>>--
>>>>Joost Roeleveld
>>>
>>> postgresql server runs on my machine but all other machines on the network
>>> including the one at a remote location that I'm connected to via VPN can
>>> connect to postgresql database.
>>> I don't want other machines to have access to my server database.
>>>
>>> Even with a single line in pg_hba.conf
>>> local all all trust
>>>
>>> all other machines on the network can connect to my postgresql database.
>>
>>If the PostgreSQL database is running on machine X.
>>And you are using machine Y.
>>
>>What command do you type to connect on machine Y?
>>
>>--
>>Joost
>
>I'm using SQL-Ledger (firefox) to access the postgresql.
>Brief history:
>I had a problem in the past when I upgraded to postgresql-9.1, all of a
>sudden I could not access the sql-ledger.
>
>The solution was to add "postgres group" to apache user.
>The reason for it was the change in directory permission:
>
>postgresql 8.x
>drwxrwx--x 2 postgres postgres 4096 Dec 14 19:57 /var/run/postgresql/
>
>postgresql 9.x
>drwxrwx--- 2 postgres postgres 4096 Dec 19 13:21 /var/run/postgresql/
>
>So:
>groups apache
>apache postgres
>
>groups postgres
>postgres
>
>I hope this is correct as adding group "apache" to postgres user does
>not work.
>
>But I just realized that any user from local network can access my
>sql-ledger using browser.
>--
>Joseph
Joseph.
I am guessing Apache is running on the same machine as your Postgresql server?
In this case, the connection will always originate from localhost and Postgresql is behaving as it should.
You will need to secure access to the website to avoid people accessing it.
Kind regards
Joost Roeleveld
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.