Re: Java proxies connection to postgres

From: Samuel Gendler <sgendler(at)ideasculptor(dot)com>
To: Donald Fraser <postgres(at)kiwi-fraser(dot)net>
Cc: "[JDBC]" <pgsql-jdbc(at)postgresql(dot)org>
Subject: Re: Java proxies connection to postgres
Date: 2010-08-09 12:04:11
Message-ID: AANLkTin=ra9vcUZyNmiFiXGt5K-=n=Sz3ezjdic83cNc@mail.gmail.com
Lists: pgsql-jdbc

The problem with using an HTTP proxy to proxy a connection to your
database server is that an http proxy is surely counting on the
protocol to be http. I imagine that just about any proxy made since
1995 supports arbitrary port numbers, but that really isn't
sufficient. A proxy that is expecting to read and parse http headers
such as content-length and connection will totally fail to behave
correctly if those headers are not available. You need, at minimum,
what is called a SOCKS proxy. A SOCKS proxy basically does nothing
but look at both sides of the proxied connection and blindly forward
any bytes from one side to the other. That will be able to handle most
protocols. An ssh tunnel is effectively a socks proxy across an ssh
connection. There are also other SOCKS proxies available.

There's a decent description of the difference between socks and http
proxies here: http://en.wikipedia.org/wiki/SOCKS

The reason you are sometimes able to get a http proxy to function with
postgres via https on port 443 is because I imagine that most proxies
will drop into a socks-like mode when proxying https since they will
be unable to intercept and interpret the content of the https requests
traversing the connection, since they'll be encrypted. As such, it
just forwards packets back and forth.

On Mon, Aug 9, 2010 at 4:47 AM, Donald Fraser <postgres(at)kiwi-fraser(dot)net> wrote:
> Please look at the attached source taken from a patched version of the 7.4
> driver, which is a little out of date with respect to the latest drivers.
> However it gives you the idea of what you need to do in order to modify one
> of the latest drivers.
> The main problem with all HTTP style proxies is that you can only specify
> ports 80, 443 and sometimes 8080 and/or 8000.
> I've spent a lot of time with proxies and to get a reliable connection you
> need to use SSL on port 443.
> This means you must redirect incoming requests, on the firewall that serves
> requests to your PostgreSQL server, from port 443 to port 5432. Which also
> means that you cannot have a secure web-server on the same IP address as
> your PostgreSQL server!
>
> Regards
> Donald Fraser
>
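
The SOCKS behaviour described in the message above, as an added example that is not part of the original post or of the PostgreSQL JDBC driver: a Java probe that opens a socket through a SOCKS proxy and sends PostgreSQL's 8-byte SSLRequest, a non-HTTP message that only gets an answer if the proxy forwards bytes untouched. The class name, host names and proxy port 1080 are assumed placeholders.

```java
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;

/** Added example (hypothetical class): checks that a SOCKS proxy relays the PostgreSQL wire protocol. */
public class SocksPgProbe {
    // PostgreSQL SSLRequest: Int32 message length (8) followed by Int32 request code 80877103.
    static final int SSL_REQUEST_CODE = 80877103;

    /**
     * Returns 'S' (server will negotiate SSL) or 'N' (server refuses SSL).
     * Any other byte means something on the path answered in a different protocol.
     */
    static char probe(Proxy proxy, String dbHost, int dbPort, int timeoutMs) throws IOException {
        try (Socket s = new Socket(proxy)) {
            s.setSoTimeout(timeoutMs);
            // Unresolved address: with SOCKS5 the proxy, not the client, resolves the database name.
            s.connect(InetSocketAddress.createUnresolved(dbHost, dbPort), timeoutMs);
            DataOutputStream out = new DataOutputStream(s.getOutputStream());
            out.writeInt(8);                 // big-endian, as the protocol requires
            out.writeInt(SSL_REQUEST_CODE);
            out.flush();
            int reply = s.getInputStream().read();
            if (reply < 0) {
                throw new IOException("connection closed before the SSLRequest reply");
            }
            return (char) reply;
        }
    }

    public static void main(String[] args) throws IOException {
        // Assumed endpoints, e.g. a local "ssh -D 1080" tunnel and an internal database host.
        Proxy socks = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", 1080));
        char reply = probe(socks, "db.example.internal", 5432, 5000);
        if (reply == 'S' || reply == 'N') {
            System.out.println("Proxy relayed the PostgreSQL handshake, server replied: " + reply);
        } else {
            System.out.println("Unexpected reply byte '" + reply + "': the path is not protocol-transparent");
        }
    }
}
```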
