From: | Bob Jolliffe <bobjolliffe(at)gmail(dot)com> |
---|---|
To: | Timmy Siu <timmy(dot)siu(at)aol(dot)com> |
Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: Allowing client access |
Date: | 2019-10-09 12:40:50 |
Message-ID: | CACd=f9fN9Vyh-pxjp-hahaa-DeBGWDrxZf-2aDBLw7Fwi5G+ng@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hi Timmy
You need to use CIDR form in your pg_hba.conf. So:
host all testuser 111.222.333.444/32 md5
Most likely you would probably want to ensure ssl connection if coming
over untrusted network. So, at minimum, this is better:
hostssl all testuser 111.222.333.444/32 md5
This is better still:
hostssl testdb testuser 111.222.333.444/32 md5
Better still (IMHO) is to keep it local and use ssh tunnel, but I
understand that might be difficult and not necessarily desirable,
depending on the context.
Regards
Bob
On Wed, 9 Oct 2019 at 13:34, Timmy Siu <timmy(dot)siu(at)aol(dot)com> wrote:
>
> Dear All Users,
>
> How do I allow an external client IP address access to my pgsql server?
>
> According to my own experience and test, if I set the external client IP address to, for example, 111.222.333.444 in the file /etc/postgresql/11/main/pg_hba.conf, it will not be able to connect to the server:
> #TYPE?????? DATABASE?????? ?? USER?????? ?????? ?????? ADDRESS?????? ?????? ?????? METHOD
> host?????? all?????? ?????? ?????? testuser ???? ?????? 111.222.333.444?????? md5
>
> I must set "address" to "any" as in the following:
> #TYPE?????? DATABASE?????? ?? USER?????? ?????? ?????? ADDRESS?????? ?????? METHOD
> host?????? all?????? ?????? ?????? testuser ???? ?????? 0.0.0.0/0?????? ?? md5
>
>
> Can I limit access to my pgsql server through TCP Wrapper? What is the related executable?
>
>
> Regards,
> Timmy
>
> ??
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2019-10-09 12:45:05 | Re: v12 and pg_restore -f- |
Previous Message | Timmy Siu | 2019-10-09 12:33:41 | Allowing client access |