From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 0B4491381F3 for ; Thu, 25 Apr 2013 12:35:13 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 49DA9E097D; Thu, 25 Apr 2013 12:35:05 +0000 (UTC) Received: from mail129c7.megamailservers.com (mail129c7-2520.megamailservers.com [69.49.98.24]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2B52AE0969 for ; Thu, 25 Apr 2013 12:35:03 +0000 (UTC) X-POP-User: admin.sys-concept.com Received: from syscon7.localdomain (S01060050da7ae68c.ed.shawcable.net [68.149.90.13]) by mail129c7.megamailservers.com (8.13.6/8.13.1) with ESMTP id r3PCZ128016778 for ; Thu, 25 Apr 2013 08:35:03 -0400 Received: by syscon7.localdomain (Postfix, from userid 1000) id 8BCB1200AAC; Thu, 25 Apr 2013 06:35:19 -0600 (MDT) Date: Thu, 25 Apr 2013 06:35:19 -0600 From: Joseph To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only Message-ID: <20130425123519.GD24932@syscon7.inet> References: <20130423154742.GC19375@syscon7.inet> <02354e00-f504-43d7-a22a-608aee8e7724@email.android.com> <20130423221621.GE19375@syscon7.inet> <20130424124011.GB6467@syscon7.inet> <22cd41f5-c643-4c58-8aa6-b8a0967bc3ad@email.android.com> <20130425002343.GD6467@syscon7.inet> <5178BC1D.40805@gmail.com> <20130425054820.GB24932@syscon7.inet> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-CSC: 0 X-CHA: v=1.1 cv=j/q5RCfQwzWIb/iL7CJW1IhCiIk6cTIJM12XsNnvQCA= c=1 sm=1 a=wom5GMh1gUkA:10 a=zblM0JQylhsA:10 a=nDghuxUhq_wA:10 a=8nJEP1OIZ-IA:10 a=C3ZDv51cNVt4vJz/79I2xQ==:17 a=soKAN4VpCLla-9P6Lm4A:9 a=wPNLvfGTeEIA:10 a=C3ZDv51cNVt4vJz/79I2xQ==:117 X-CTCH-Spam: Unknown X-CTCH-RefID: str=0001.0A020208.517922F7.0060,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0 X-Archives-Salt: 4a03a718-eca1-4b6b-b72b-59961244239b X-Archives-Hash: ad0b7870c6fb721c280074d28e1bff3e On 04/25/13 09:10, J. Roeleveld wrote: >On Thu, April 25, 2013 07:48, Joseph wrote: > > > >> I just tried as you suggested, the only active line in: pg_hba.conf >> local all all trust >> >> anything else is commented out. I restarted the server but I still can >> connect to postgresql from another computer via Firefox. > >Joseph, > >Let me put it in really simple terms: >1) Firefox is NOT a database client, it can NOT connect to a database >2) Firefox IS a webbrowser, it ONLY connects to a webserver > >This means, Postgresql will NOT see ANY connection made by Firefox. > >The website you have running ON TOP OFF apache makes the connection to >Postgresql. > >Eg. it goes like the following: > >User <-> Firefox <-> Apache/website <-> Postgresql > >Any of the above can ONLY see their immediate neighbour. > >-- >Joost So pg_hba.conf only controls direct connections to postgreSQL. Since "apache" group is in postgres user; apache was given permission to access the database in this case py-passing the setting in pg_hba.conf Is there a way to force sequence: Apache/website <-> pg_hba.conf <-> Postgresql -- Joseph