| From: | "Josh Goldberg" <josh(at)4dmatrix(dot)com> |
|---|---|
| To: | "Randall Perry" <rgp(at)systame(dot)com>, "Hans Spaans" <pgsql-admin(at)lists(dot)hansspaans(dot)nl>, <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Pg_hba and dynamic dns |
| Date: | 2003-05-09 23:30:31 |
| Message-ID: | 007b01c31682$fb463df0$6e02a8c0@4dmatrix.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
set them up with an ssh tunnel to the db server and connect with that.
That's how I have my suits access our intranet remotely.
----- Original Message -----
From: "Randall Perry" <rgp(at)systame(dot)com>
To: "Hans Spaans" <pgsql-admin(at)lists(dot)hansspaans(dot)nl>;
<pgsql-admin(at)postgresql(dot)org>
Sent: Friday, May 09, 2003 6:51 AM
Subject: Re: [ADMIN] Pg_hba and dynamic dns
> Ok, those are valid points.
>
> What I'm trying to do is get access to the db for clients who are on the
> road using connections with dynamic IPs, from a PC running an MS Access db
> app. Dynamic DNS would have been an easy solution.
>
> Any ideas how to achieve this in other ways?
>
>
> > On Thu, May 08, 2003 at 06:40:14PM -0400, Randall Perry wrote:
> >> I've discovered I can use URLs for an IP address in pg_hba.conf, and
> >> everything works ok if the host can be resolved.
> >>
> >> If it can't be resolved I get the error:
> >> psql: FATAL: Missing or erroneous pg_hba.conf file, see postmaster log
for
> >> details
> >>
> >> And then all tcp/ip is denied.
> >>
> >> That sucks -- means I can't use dynamic DNS. Anyone else think tcp/ip
access
> >> shouldn't break if a URL can't be resolved?
> >
> > IMHO support for fqdn should be removed.
> >
> > 1. FQDN's are mostly resolved when the configuration is being loaded.
> > So that data isn't going to change when the program is running or
> > would you like to do a dns query for every connection you get?
> >
> > 2. How are you going to handle forward and reversed dns? Think about
> > multiple A-records, fake or no reversed DNS, etc.
> >
> > 3. If fqdn is being checked when the db gets a connection people can
> > break in when you only check reversed dns.
> >
> > 4. Who is going to ensure me that dns isn't compromised somewhere down
> > the line?
> >
> > This are just a few things, but I'm wondering.
>
> --
> Randall Perry
> sysTame
>
> Xserve Web Hosting/Co-location
> Website Development/Promotion
> Mac Consulting/Sales
>
> http://www.systame.com/
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo(at)postgresql(dot)org
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Raymond Chan | 2003-05-10 01:50:49 | Re: Upgrade to RH9.....Help....PostgreSQL newbie |
| Previous Message | Hans Spaans | 2003-05-09 22:14:26 | Re: Pg_hba and dynamic dns |