Date: Wed, 24 Apr 2013 18:23:43 -0600
From: Joseph
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only
Message-ID: <20130425002343.GD6467@syscon7.inet>
In-Reply-To: <22cd41f5-c643-4c58-8aa6-b8a0967bc3ad@email.android.com>

On 04/24/13 22:27, J. Roeleveld wrote:
>
>The connection to the database is done by apache. Apache connects from the server where Apache is running.
>
>Postgresql does not know nor even care where the connection to apache originates from. It only sees apache connecting to it.
>
>If you want to prevent people from accessing the website, you will need to configure the restriction in Apache or in a firewall.
>
>A webbrowser will NOT connect directly to the database. With a lot of larger applications this will not even be possible because the database is on a separate server where the firewall is only allowing the webserver to access the database.
>
>Restricting access to a website by setting restrictions on the database server used by the website is pointless.
>
>--
>Joost Roeleveld

Those postgresql instructions are very, very confusing, for example on the following webpage:
http://www.linuxtopia.org/online_books/database_guides/Practical_PostgreSQL_database/c15679_002.htm
it states:

---copy----
local
A local entry is semantically the same as a host entry. However, you do not need to specify a host that is allowed to connect. The local entry is used for client connections that are initiated from the same machine that the PostgreSQL server is operating on.
---end copy---

The above is not correct as users from any machine on a local network can connect to my database.

If I put a line in pg_hba.conf
host all 127.0.0.1 255.255.255.255 trust
postgresql will not even start, I get an error message:
FATAL: could not load pg_hba.conf
LOG: invalid IP mask "trust": Name or service not known

-- 
Joseph
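
An added example, not part of the original message: a small checker that reads pg_hba.conf records using the layout current PostgreSQL releases document (`host DATABASE USER ADDRESS [MASK] METHOD`), which shows why the quoted line is rejected with `invalid IP mask "trust"` and which records stay loopback-only. The function names are hypothetical, the sample records are constructed, and it assumes numeric addresses only (no host names or `samehost`/`samenet` keywords).

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl"}

def looks_like_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def check_hba_line(line):
    """Classify one pg_hba.conf record as ("ok" | "warn" | "error", detail)."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return ("ok", "blank or comment")
    if fields[0] == "local":  # local DATABASE USER METHOD (Unix socket only)
        if len(fields) < 4:
            return ("error", "expected: local DATABASE USER METHOD")
        return ("ok", "unix socket only, method " + fields[3])
    if fields[0] not in HOST_TYPES or len(fields) < 5:
        return ("error", "expected: host DATABASE USER ADDRESS [MASK] METHOD")
    user, address, rest = fields[2], fields[3], fields[4:]
    # An address sitting in the USER column usually means USER was left out.
    hint = " (USER column holds an address; is USER missing?)" if looks_like_ip(user) else ""
    if "/" not in address:  # ADDRESS MASK form: the next field must be a mask
        mask = rest.pop(0)
        if not looks_like_ip(mask):
            return ("error", f'invalid IP mask "{mask}"' + hint)
        address = f"{address}/{mask}"
    try:
        net = ipaddress.ip_network(address, strict=False)
    except ValueError:
        return ("error", f'invalid address "{address}"' + hint)
    if not rest:
        return ("error", "missing authentication method" + hint)
    if not net.is_loopback:
        return ("warn", f"{net} reaches beyond loopback, method {rest[0]}")
    return ("ok", f"loopback only ({net}), method {rest[0]}")

if __name__ == "__main__":
    # Constructed sample records; the first is the line quoted in the message.
    for record in ("host all 127.0.0.1 255.255.255.255 trust",
                   "host all all 127.0.0.1 255.255.255.255 trust",
                   "host all all 192.168.1.0/24 trust",
                   "local all all trust"):
        print(record, "->", check_hba_line(record))
```

With the USER column present the loopback record parses cleanly; a `host` record whose network is wider than loopback is flagged so that `trust` is never granted to remote clients unnoticed.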