Your PostgreSQL database is not aware of any users that are logged in into or connected to your DSpace web application. It is the Tomcat process itself (which serves the DSpace web app) that connects to your database and since both are on the same host, you should only have the rule "host dspace dspace 127.0.0.1 255.255.255.255 md5". You could see this as Tomcat executing queries on behalf of a user browsing your DSpace repository.
The extra rule you added is a high security risk. I would strongly recommend you to remove it. Just to be sure, in your previous post you mentioned ports 5432 (the default) and 6543 but I'll assume this is a typo and that you have only one database server running. Best regards, Tom [image: logo] Tom Desair 250-B Suite 3A, Lucius Gordon Drive, West Henrietta, NY 14586 Esperantolaan 4, Heverlee 3001, Belgium www.atmire.com <http://atmire.com/website/?q=services&utm_source=emailfooter&utm_medium=email&utm_campaign=tomdesair> 2017-02-01 4:05 GMT+01:00 Walter Rutherford <[email protected]>: > I've previously only interacted with DSpace as a user so please pardon the > 'newb' questions. I'm trying to (re)create a repository that anyone can > search > via a website but only certain authorized local users can modify. > > Given these authentication rules: > host dspace dspace 127.0.0.1 255.255.255.255 md5 > local all all peer > host all all 127.0.0.1/32 ident > > Aren't all the connections local, (explicitly or due to the 127 address)? > > When I have DSpace setup with Tomcat does the database see that as > a local or host connection? Because if it's a host connection then > the md5 host rule will kick in and the user will have to supply a password. > And even then, given the ADDRESS it's still a local connection, right? > So I assumed DSpace web connections would be translated into local > (Tomcat => 'dspace') database queries/connections. > > If my 'dspace' database user had no authority to do anything dangerous > and all access attempts are filtered through Tomcat as 'dspace' could I > just 'trust' the connection since I (hopefully) can trust Tomcat? Then > users > wouldn't need a password to search our repository. Something like this: > > host dspace dspace 127.0.0.1 255.255.255.255 md5 > local dspace dspace trust > local all all peer > host all all 127.0.0.1/32 ident > > Or would that open my site up to all sorts of mischief? > Note: I don't have the Tomcat interface up so I haven't yet tested any of > this from a browser. > > -- > You received this message because you are subscribed to the Google Groups > "DSpace Technical Support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/dspace-tech. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
