From: "Dustin C. Hatch" <admiralnemo@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] PosgreSQL -  pg_hba.conf localhost access only
Date: Thu, 25 Apr 2013 00:16:13 -0500
Message-ID: <5178BC1D.40805@gmail.com>
In-Reply-To: <20130425002343.GD6467@syscon7.inet>

On 4/24/2013 19:23, Joseph wrote:
> The above is not correct as users from any machine on a local network
> can connect to my database.
>
In the scenario you described, as Joost explained, the users on your 
network are *not* connecting to your database; they are connecting to a 
website. The web server is connecting to the database on their behalf. 
PostgreSQL's host-based authentication controls only who accesses the 
database directly, not who accesses the applications that use it.

> If I put a line in pg_hba.conf
> host all 127.0.0.1 255.255.255.255 trust
>
This line is not valid. pg_hba.conf entries take the form

type	database	user	[address]	method	[options]

"type" can be 'local' (connections over a Unix socket), 'host' 
(connections over TCP, maybe using SSL), 'hostssl' (connections over TCP 
using SSL), 'hostnossl' (connections over TCP not using SSL).

To achieve what I think you are looking for, just remove all lines from 
pg_hba.conf except this one::

     local	all	all	trust

This will prevent anyone from connecting to your databases using TCP at 
all. If you really need TCP from the localhost instead of Unix sockets, 
you can also add this line::

     host	all	all	127.0.0.1/32	trust

> postgresql will not even starts, I get an error message:
> FATAL:  could not load pg_hba.conf
> LOG:  invalid IP mask "trust": Name or service not known
>
>

I would strongly advise you read all of the PostgreSQL documentation 
before you expose a database to the world. Specifically, please read the 
official page about pg_hba.conf[1].

[1] http://www.postgresql.org/docs/9.2/interactive/auth-pg-hba-conf.html

Regards,

-- 
♫Dustin
http://dustin.hatch.name/
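
The field order described in the message above, as an added example that is not part of the original e-mail or of PostgreSQL's own code: a simplified Python check (the function name `check_hba_line` and the 192.168.1.0/24 sample are assumptions) that shows why the line missing its user field makes "trust" land in the netmask position, and that flags `trust` on any non-loopback address.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl"}

def check_hba_line(line):
    """Parse one pg_hba.conf entry; return (fields, problems).

    Simplified: no quoting, include files or option validation.
    """
    tok = line.split("#", 1)[0].split()
    if not tok:
        return None, []                       # blank line or comment
    if tok[0] == "local":                     # Unix socket: no address field
        if len(tok) < 4:
            return None, ["too few fields"]
        return dict(type="local", database=tok[1], user=tok[2],
                    address=None, method=tok[3]), []
    if tok[0] not in HOST_TYPES:
        return None, [f'invalid connection type "{tok[0]}"']
    if len(tok) < 5:
        return None, ["too few fields"]
    addr, rest, net = tok[3], tok[4:], None
    try:
        if "/" in addr:                       # CIDR form, e.g. 127.0.0.1/32
            net = ipaddress.ip_network(addr, strict=False)
        elif addr not in ("all", "samehost", "samenet"):
            ipaddress.ip_address(addr)        # raises if it is a host name
            mask = rest.pop(0)                # bare IP: next field is the netmask
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:
                return None, [f'invalid IP mask "{mask}"']
    except ValueError:
        if "/" in addr:
            return None, [f'invalid IP address "{addr}"']
        # otherwise a host name: kept as-is, loopback cannot be judged here
    if not rest:
        return None, ["missing authentication method"]
    fields = dict(type=tok[0], database=tok[1], user=tok[2],
                  address=str(net) if net else addr, method=rest[0])
    problems = []
    if rest[0] == "trust" and not (net is not None and net.is_loopback):
        problems.append("trust for a non-loopback address")
    return fields, problems

# Lines quoted in the thread plus one constructed LAN entry (192.168.1.0/24).
SAMPLES = ["host all 127.0.0.1 255.255.255.255 trust", "local all all trust",
           "host all all 127.0.0.1/32 trust", "host all all 192.168.1.0/24 trust"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_hba_line(s))
```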

