On 04/24/13 22:27, J. Roeleveld wrote:
[snip]
Thank you for explanation.
That is what I'm confused about. When I connect to "pstgresql"
database from the same machine as postgres is running on I can
understand.
It is a local connection from localhost (127.0.0.1) so everybody is
allowed but I don't understand why users on the local network can
connect to my machine and login
using apache when their IP is different.
--
Joseph
Joseph.
The connection to the database is done by apache. Apache connects from the
server where Apache is running.
Postgresql does not know nor even care where the connection to apache
originates from. It only sees apache connecting to it.
If you want to prevent people from accessing the website. You will need to
configure the restriction in Apache or in a firewall.
A webbrowser will NOT connect directly to the database. With a lot of larger
applications this will not even be possible because the database is on a
seperate server where the firewall is only allowing the webserver to access the
database.
Restricting access to a website by setting restrictions on the database server
uswd by the website is pointless.
--
Joost Roeleveld
Thank you, now this is clear, so that pg_hba.conf has a limited use.
So simple statement in apache directory: Allow from localhost
will fix the issue.
When it comes to database. How can I limit certain users from certain IP to
only one database.
I don't thing this is possible via apache!
The line: "local all all trust"
will give access to everybody.
How those line in pg_hba.conf should look if I want user from remote computer
to access only one database?
Is it:
local my_database all trust
local others_database all ident alex
Does "ident" refers to user who is allow to login into database?
How to list users for a particular database?
Thank you for your explanations.
--
Joseph
