Skip site navigation (1) Skip section navigation (2)

Re: Patch to make postmaster bind to only to localhost.

From: "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org>
To: "John C(dot) Quillan" <john_quillan(at)datasoft(dot)com>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: Patch to make postmaster bind to only to localhost.
Date: 2000-09-10 19:27:16
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-patches
On Sun, 10 Sep 2000, John C. Quillan wrote:

> The company I work, DataSoft, for is doing a web based project
> that uses Java and the JDBC driver for postgres.  Aperently the
> developers have told me that the JDBC requires the -i option on
> postmaster. The only problem is this leves a visibility to the
> outside world that we are using postmaster, or some other service.
> Now we do have the pg_hba.conf configured to allow connections
> from only that box it self, but you can never be two parinoid.

The following might also do the trick, btw...

/sbin/ipchains -A input -j REJECT -p tcp -d 5432 -i eth0 -l

.. add lines for all other interfaces you want to block ...

This causes any TCP connections to port 5432 on that IP address/interface
to be rejected with a connection refused.

I've used this for years on my box, and only ever gotten 2 attempted

Don't take me wrong - I would like to see some kind of abillity to
selectively bind to certain IP's - configfile a'la httpd.conf.

Dominic J. Eidson
                                        "Baruk Khazad! Khazad ai-menu!" - Gimli

In response to

pgsql-patches by date

Next:From: Mark HollomonDate: 2000-09-11 14:09:31
Previous:From: John C. QuillanDate: 2000-09-10 18:27:40
Subject: Patch to make postmaster bind to only to localhost.

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group