| From: | Timmy Siu <timmy(dot)siu(at)aol(dot)com> |
|---|---|
| To: | Bob Jolliffe <bobjolliffe(at)gmail(dot)com> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Allowing client access |
| Date: | 2019-10-09 18:39:55 |
| Message-ID: | 09a5e67e-646d-4efb-2879-d66da69e54f5@aol.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Dear Bob,
Thank you.?? hostssl works out of the box!?? It does not require extra
configuration.?? I can connect to my own pgsql server via pgadmin 4.?? I
personally feel that Postgresql v11 is much clever than Mysql v5.7 (I
haven't tried its v8).
I also have tested postgres against TCP Wrappers but it is not compiled
against TCP wrappers library.?? May I suggest the community to have
postgres to work with TCP wrappers.?? Its security will be better.
Regards,
Timmy
> Hi Timmy
>
> You need to use CIDR form in your pg_hba.conf. So:
>
> host all testuser 111.222.333.444/32 md5
>
> Most likely you would probably want to ensure ssl connection if coming
> over untrusted network. So, at minimum, this is better:
>
> hostssl all testuser 111.222.333.444/32 md5
>
> This is better still:
>
> hostssl testdb testuser 111.222.333.444/32 md5
>
> Better still (IMHO) is to keep it local and use ssh tunnel, but I
> understand that might be difficult and not necessarily desirable,
> depending on the context.
>
> Regards
> Bob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pól Ua Laoínecháin | 2019-10-09 19:06:05 | Is my lecturer wrong about PostgreSQL? I think he is! |
| Previous Message | Alvaro Herrera | 2019-10-09 17:51:39 | Re: Pg11 -- MultiXactId xxxx has not been created yet -- apparent wraparound |