| From: | paul rivers <rivers(dot)paul(at)gmail(dot)com> |
|---|---|
| To: | Jorge Godoy <jgodoy(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org, rod(at)iol(dot)ie, dfx(at)dfx(dot)it |
| Subject: | Re: Connect to postgres from a dynamic IP |
| Date: | 2008-03-03 16:17:03 |
| Message-ID: | 47CC247F.9090005@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Jorge Godoy wrote:
> Em Monday 03 March 2008 08:08:36 Raymond O'Donnell escreveu:
>
>> On 03/03/2008 11:01, dfx wrote:
>>
>>> The question il: Is there a method to avoid to insert the addesses of
>>> the clients in the pg_hba.conf and to allow connections from internet
>>> with security assured only by username and password?
>>>
>> Yes, that's what people have been explaining: you insert a line
>> something like:
>>
>> host [database] [user] 0.0.0.0/0 md5
>>
>
> But make it "hostssl" instead of "host", to require some cryptography in the
> channel used, specially to authenticate the connection.
>
> Opening your access to everyone without crypto sounds like something you don't
> want to do. Specially if users can change their own passwords...
My understanding is no password is sent in the clear with md5 per:
http://www.postgresql.org/docs/8.3/interactive/auth-methods.html#AUTH-PASSWORD
Paul
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Collin | 2008-03-03 16:35:39 | Re: Connect to postgres from a dynamic IP |
| Previous Message | Richard Huxton | 2008-03-03 14:26:16 | Re: 8.2.6 > 8.3 blows up |