On 04/24/13 22:27, J. Roeleveld wrote:
The connection to the database is done by apache. Apache connects from the
server where Apache is running.
Postgresql does not know nor even care where the connection to apache
originates from. It only sees apache connecting to it.
If you want to prevent people from accessing the website. You will need to
configure the restriction in Apache or in a firewall.
A webbrowser will NOT connect directly to the database. With a lot of larger
applications this will not even be possible because the database is on a
seperate server where the firewall is only allowing the webserver to access the
database.
Restricting access to a website by setting restrictions on the database server
uswd by the website is pointless.
--
Joost Roeleveld
Those postgresql instructions are very,very confusing, for example on the
following webpage:
http://www.linuxtopia.org/online_books/database_guides/Practical_PostgreSQL_database/c15679_002.htm
it states:
---copy----
local
A local entry is semantically the same as a host entry. However, you do not need to specify a host that is allowed to connect. The local entry is used for client
connections that are initiated from the same machine that the PostgreSQL server is operating on.
---end copy---
The above is not correct as users from any machine on a local network can
connect to my database.
If I put a line in pg_hba.conf
host all 127.0.0.1 255.255.255.255 trust
postgresql will not even starts, I get an error message:
FATAL: could not load pg_hba.conf
LOG: invalid IP mask "trust": Name or service not known
--
Joseph