| From: | Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my> |
|---|---|
| To: | Tony Grant <tony(at)tgds(dot)net> |
| Cc: | postgres list <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Firewalls and Postgres |
| Date: | 2003-01-29 17:00:27 |
| Message-ID: | 5.1.0.14.1.20030130005349.028453b0@mbox.jaring.my |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
At 05:13 PM 1/29/03 -0500, Tony Grant wrote:
>ome tweaking in postgresl.conf and pg_hba.conf.
>
>OK the database is behind a firewall. What if I modify pg_hba.conf to
>let everybody access the database from anywhere?
>
>Risk is leet hax hacks his way through the firewall and does damage. If
>he gets through the firewall he will probably be able to break lots of
>other stuff than Postgres too...
How about pg_hba.conf configured to allow any IP to access.
But the host postgresql is running on is configured to not allow external
access postgresql port, and only allows ssh or whatever you picked to
tunnel stuff in.
So the only way in is via the tunnel.
>I really want to port forward the web application running on port 80.
>But the database behind the web application replies to the requests and
>won't serve the data to my IP. JSP is pretty good at tightening stuff
>like that down!
I don't understand the dynamic IP part you mentioned in another post.
Is your web app really on a dynamic IP on the Internet, trying to access a
remote postgresql server through a firewall?
Some details on your network setup could be helpful.
Link.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jean-Luc Lachance | 2003-01-29 17:00:58 | Re: psql command line question.. |
| Previous Message | Tom Lane | 2003-01-29 17:00:04 | Re: index on timestamp performance |