On 04/25/13 18:57, J. Roeleveld wrote:
So pg_hba.conf only controls direct connections to postgreSQL.
Correct.
Since "apache" group is in postgres user; apache was given permission to
access the database in this case py-passing the setting in pg_hba.conf
Wrong, Postgresql does not check group-ownership. Your pg_hba.conf file
will have a setting that allows Apache to connect.
Is there a way to force sequence:
Apache/website <-> pg_hba.conf <-> Postgresql
Postgresql will always read the pg_hba.conf file and use that to determine
who can and can not connect directly to Postgresql.
--
Joost
I've tired with this line:
local clinic sql-ledger trust
I can connect to "clinic" database form localhost and any box on the network.
It works OK
But I when I tried to further limit the database to a single IP, postgresql
refused to start.
local clinic sql-ledger 10.0.0.100/32 trust
--
Joseph
