From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 407171381F3 for ; Wed, 24 Apr 2013 12:40:12 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id AB61AE0C2A; Wed, 24 Apr 2013 12:40:03 +0000 (UTC) Received: from mail130c7.megamailservers.com (mail130c7-2520.megamailservers.com [69.49.98.25]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 834F0E0C03 for ; Wed, 24 Apr 2013 12:40:02 +0000 (UTC) X-POP-User: admin.sys-concept.com Received: from syscon7.localdomain (S01060050da7ae68c.ed.shawcable.net [68.149.90.13]) by mail130c7.megamailservers.com (8.13.6/8.13.1) with ESMTP id r3OCe0sP026332 for ; Wed, 24 Apr 2013 08:40:01 -0400 Received: by syscon7.localdomain (Postfix, from userid 1000) id 7FEE5200790; Wed, 24 Apr 2013 06:40:11 -0600 (MDT) Date: Wed, 24 Apr 2013 06:40:11 -0600 From: Joseph To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only Message-ID: <20130424124011.GB6467@syscon7.inet> References: <20130423001731.GB5934@syscon7.inet> <81bef797b52ca11c567d3e5a93c9d7e4.squirrel@www.antarean.org> <20130423123737.GB19375@syscon7.inet> <56cede771dcbb26af7fb96d215b6bca0.squirrel@www.antarean.org> <20130423154742.GC19375@syscon7.inet> <02354e00-f504-43d7-a22a-608aee8e7724@email.android.com> <20130423221621.GE19375@syscon7.inet> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-CSC: 0 X-CHA: v=1.1 cv=v0LpjJCVSzfMJZYWpxA22UB7+QBrypfQZuAVO2CL3k8= c=1 sm=1 a=wom5GMh1gUkA:10 a=zblM0JQylhsA:10 a=nDghuxUhq_wA:10 a=8nJEP1OIZ-IA:10 a=C3ZDv51cNVt4vJz/79I2xQ==:17 a=3rGrfhNVlN5f_osOkkMA:9 a=wPNLvfGTeEIA:10 a=C3ZDv51cNVt4vJz/79I2xQ==:117 X-CTCH-Spam: Unknown X-CTCH-RefID: str=0001.0A020206.5177D2A1.017C,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0 X-Archives-Salt: eac53e53-7aee-4376-b040-eac2095c13cb X-Archives-Hash: f3f3fd82f3bf6c93e50385f8442a4ce8 On 04/24/13 07:11, J. Roeleveld wrote: >On Wed, April 24, 2013 00:16, Joseph wrote: >> On 04/23/13 20:10, J. Roeleveld wrote: > > > > >>>I am guessing Apache is running on the same machine as your Postgresql >>> server? >>> >>>In this case. The connection will always originate from localhost and >>> Postgresql is behaving as it should. >>> >>>You will need to secure access to the website to avoid people accessing >>> it. >>> >> >> Yes, every machine I run has apache on it, so Postgresql server runs on >> it as well. >> If I'm connecting from another network machine to a server, how does it >> originate from localhost? >> >> Something is not correct. > >I'll try to explain. > >When you connect to the website (Apache) the connection Apache sees >originates from your machine. > >When Apache then needs to access PostgreSQL to access the data needed for >the website, Postgresql sees the connection originating from Apache, which >is running on the same machine. > >-- >Joost Thank you for explanation. That is what I'm confused about. When I connect to "pstgresql" database from the same machine as postgres is running on I can understand. It is a local connection from localhost (127.0.0.1) so everybody is allowed but I don't understand why users on the local network can connect to my machine and login using apache when their IP is different. -- Joseph