How do I prevent binding to TCP/IP port outside of localhost?

From: Karl Wright <kwright(at)metacarta(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: How do I prevent binding to TCP/IP port outside of localhost?
Date: 2006-02-23 20:49:09
Message-ID: 43FE1FC5.6030803@metacarta.com
Lists: pgsql-general

I have a situation where I need postgres to LISTEN and allow BINDs to
its TCP/IP port (5432) only to connections that originate from
localhost. I need it to not accept *socket* connections if requests
come in from off-box. If I try to set up pg_hba.conf such that it
rejects off-box requests, it seems to do this after it permits the
socket connection, and that won't do for our security geeks here.

For example, here's the difference:

kwright(at)merrimack:~$ curl http://duck37:5432
curl: (52) Empty reply from server
kwright(at)merrimack:~$ curl http://duck37:5433
curl: (7) couldn't connect to host
kwright(at)merrimack:~$

Note that the outside world seems to be able to connect to 5432 just
fine, although any *database* connections get (properly) rejected.

I cannot turn off TCP/IP entirely because I have a Java application that
uses JDBC.

Can somebody tell me whether this is an innate capability of postgres,
or whether I will need to modify the base code (and if so, WHERE I would
modify it?)

Thanks,
Karl Wright
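
The message above contrasts a port that completes the TCP handshake and then drops the client (curl error 52) with one that refuses the connection outright (curl error 7). The following is an added example, not part of the original post or of PostgreSQL: a stand-in listener bound first to all interfaces and then to 127.0.0.1 only, probed from two local addresses. It assumes Linux, where every 127.0.0.0/8 address is local, so 127.0.0.2 stands in for an address other than the bound one; `start_listener`, `probe` and `compare` are hypothetical names.

```python
import socket
import threading


def start_listener(bind_addr):
    """Accept every TCP connection on bind_addr and close it without replying,
    standing in for a server that rejects clients only after accept()."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))          # port 0: the kernel picks a free port
    srv.listen(5)

    def loop():                       # runs for the life of the process
        while True:
            conn, _ = srv.accept()
            conn.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def probe(host, port, timeout=2.0):
    """Classify what a client observes at the socket level."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"              # no listener on this address (curl error 7)
    except OSError:
        return "unreachable"
    with s:
        try:
            data = s.recv(1)
        except OSError:               # reset or timeout after the handshake
            return "accepted"
        # An empty read means the peer closed without replying (curl error 52).
        return "accepted-data" if data else "accepted-then-closed"


def compare():
    """Probe a wildcard and a loopback-only listener from two local addresses."""
    results = {}
    for bind_addr in ("0.0.0.0", "127.0.0.1"):
        port = start_listener(bind_addr)
        results[bind_addr] = {dst: probe(dst, port)
                              for dst in ("127.0.0.1", "127.0.0.2")}
    return results


if __name__ == "__main__":
    for bind_addr, seen in compare().items():
        print(bind_addr, seen)
```

In PostgreSQL the addresses the server binds to are set by the `listen_addresses` parameter in postgresql.conf, while pg_hba.conf rules are evaluated only after the connection has been accepted.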
