Skip site navigation (1) Skip section navigation (2)

Re: Java proxies connection to postgres

From: Dave Cramer <pg(at)fastcrypt(dot)com>
To: Samuel Gendler <sgendler(at)ideasculptor(dot)com>
Cc: Donald Fraser <postgres(at)kiwi-fraser(dot)net>, "[JDBC]" <pgsql-jdbc(at)postgresql(dot)org>
Subject: Re: Java proxies connection to postgres
Date: 2010-08-09 12:16:11
Message-ID: AANLkTikMR-e6Sm+nJKhsp=uyYkb40O6_UK1wgVGUEjKY@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-jdbc
On Mon, Aug 9, 2010 at 8:04 AM, Samuel Gendler
<sgendler(at)ideasculptor(dot)com> wrote:
> The problem with using an HTTP proxy to proxy a connection to your
> database server is that an http proxy is surely counting on the
> protocol to be http.  I imagine that just about any proxy made since
> 1995 supports arbitrary port numbers, but that really sin't
> sufficient.  A proxy that is expecting to read and parse http headers
> such as content-length and connection will totally fail to behave
> correctly if those headers are not available. You need, at minimum,
> what is called a SOCKS proxy.  A SOCKS proxy basically does nothing
> but look at both sides of the proxied connection and blindly forward
> any bytes from one side to the other. That will be able to handle most
> protocols. An ssh tunnel is effectively a socks proxy across an ssh
> connection.  There are also other SOCKS proxies available.
>
> There's a decent description of the difference between socks and http
> proxies here: http://en.wikipedia.org/wiki/SOCKS
>
> The reason you are sometimes able to get a http proxy to function with
> postgres via https on port 443 is because I imagine that most proxies
> will drop into a socks-like mode when proxying https since they will
> be unable intercept and interpret the content of the https requests
> traversing the connection, since they'll be encrypted.  As such, it
> just forwards packets back and forth.
>
> On Mon, Aug 9, 2010 at 4:47 AM, Donald Fraser <postgres(at)kiwi-fraser(dot)net> wrote:
>> Please look at the attached source taken from a patched version of the 7.4
>> driver, which is a little out of date with respect to the latest drivers.
>> However it gives you the idea of what you need to do in order to modify one
>> of the latest drivers.
>> The main problem with all HTTP style proxies is that you can only specify
>> ports 80, 443 and sometimes 8080 and or 8000.
>> I've spent a lot of time with proxies and to get a reliable connection you
>> need to use SSL on port 443.
>> This means you must redirect incomming requests, on the firewall that serves
>> requests to your PostgreSQL server, from port 443 to port 5432. Which also
>> means that you cannot have a secure web-server on the same IP address as
>> your PostgreSQL server!

Not to mention the fact that the connection will not persist. Even if
you got this to work by modifying the listening port of the driver you
would have to open and close each request.

Perhaps you should tell us why and what your end goal is, there may be
a better solution.

Dave

In response to

pgsql-jdbc by date

Next:From: Matthew WakelingDate: 2010-08-09 12:17:42
Subject: Re: Java proxies connection to postgres
Previous:From: Samuel GendlerDate: 2010-08-09 12:04:11
Subject: Re: Java proxies connection to postgres

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group