| From: | Tony Grant <tony(at)tgds(dot)net> |
|---|---|
| To: | Holger Klawitter <lists(at)klawitter(dot)de> |
| Cc: | Alan Carbutt <arcarbut(at)adams(dot)edu>, postgres list <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Firewalls and Postgres |
| Date: | 2003-01-29 22:13:59 |
| Message-ID: | 1043878438.2496.36.camel@localhost |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, 2003-01-29 at 10:47, Holger Klawitter wrote:
> ssh -l my-secret-key-file -n -N \
> -L 15432:other.host.com:5432 \
> other.host.com </dev/null
>
> psql -h localhost -p 15432 my_database
>
> However,you have to keep in mind that this connection ends up on
> other.host.com as a tcp/ip connection on 11.22.33.44, not on 127.0.0.1.
> Might need some tweaking in postgresl.conf and pg_hba.conf.
OK the database is behind a firewall. What if I modify pg_hba.conf to
let everybody access the database from anywhere?
Risk is leet hax hacks his way through the firewall and does damage. If
he gets through the firewall he will probably be able to break lots of
other stuff than Postgres too...
I really want to port forward the web application running on port 80.
But the database behind the web application replies to the requests and
won't serve the data to my IP. JSP is pretty good at tightening stuff
like that down!
Cheers
Tony Grant
--
www.tgds.net Library management software toolkit,
redhat linux on Sony Vaio C1XD,
Dreamweaver MX with Tomcat and PostgreSQL
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Williams, Travis L, NPONS | 2003-01-29 22:18:29 | Re: psql command line question.. |
| Previous Message | Tony Grant | 2003-01-29 22:07:14 | Re: Firewalls and Postgres |