On 4/24/2013 19:23, Joseph wrote:
The above is not correct as users from any machine on a local network
can connect to my database.
In the scenario you described, as Joost explained, the users on your
network are *not* connecting to your database; they are connecting to a
website. The web server is connecting to the database on their behalf.
PostgreSQL's host-based authentication controls only who access the
database directly, not who access the applications that use it.
If I put a line in pg_hba.conf
host all 127.0.0.1 255.255.255.255 trust
This line is not valid. pg_hba.conf entries take the form
type database user [address] method [options]
"type" can be 'local' (connections over a Unix socket), 'host'
(connections over TCP, maybe using SSL), 'hostssl' (connections over TCP
using SSL), 'hostnossl' (connections over TCP not using SSL).
To achieve what I think you are looking for, just remove all lines from
pg_hba.conf except this one::
local all all trust
This will prevent anyone from connecting to your databases using TCP at
all. If you really need TCP from the localhost instead of Unix sockets,
you can also add this line::
host all all 127.0.0.1/32 trust
postgresql will not even starts, I get an error message:
FATAL: could not load pg_hba.conf
LOG: invalid IP mask "trust": Name or service not known
I would strongly advise you read all of the PostgreSQL documentation
before you expose a database to the world. Specifically, please read the
official page about pg_hba.conf[1].
[1] http://www.postgresql.org/docs/9.2/interactive/auth-pg-hba-conf.html
Regards,
--
♫Dustin
http://dustin.hatch.name/
