Joseph <syscon...@gmail.com> wrote: >On 04/24/13 07:11, J. Roeleveld wrote: >>On Wed, April 24, 2013 00:16, Joseph wrote: >>> On 04/23/13 20:10, J. Roeleveld wrote: >> >><SNIP> >> >> >>>>I am guessing Apache is running on the same machine as your >Postgresql >>>> server? >>>> >>>>In this case. The connection will always originate from localhost >and >>>> Postgresql is behaving as it should. >>>> >>>>You will need to secure access to the website to avoid people >accessing >>>> it. >>>> >>> >>> Yes, every machine I run has apache on it, so Postgresql server >runs on >>> it as well. >>> If I'm connecting from another network machine to a server, how does >it >>> originate from localhost? >>> >>> Something is not correct. >> >>I'll try to explain. >> >>When you connect to the website (Apache) the connection Apache sees >>originates from your machine. >> >>When Apache then needs to access PostgreSQL to access the data needed >for >>the website, Postgresql sees the connection originating from Apache, >which >>is running on the same machine. >> >>-- >>Joost > >Thank you for explanation. > >That is what I'm confused about. When I connect to "pstgresql" >database from the same machine as postgres is running on I can >understand. >It is a local connection from localhost (127.0.0.1) so everybody is >allowed but I don't understand why users on the local network can >connect to my machine and login >using apache when their IP is different. > >-- >Joseph
Joseph. The connection to the database is done by apache. Apache connects from the server where Apache is running. Postgresql does not know nor even care where the connection to apache originates from. It only sees apache connecting to it. If you want to prevent people from accessing the website. You will need to configure the restriction in Apache or in a firewall. A webbrowser will NOT connect directly to the database. With a lot of larger applications this will not even be possible because the database is on a seperate server where the firewall is only allowing the webserver to access the database. Restricting access to a website by setting restrictions on the database server uswd by the website is pointless. -- Joost Roeleveld -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
