I have a 3 tier client/server application where the client connection
to the server which then uses PostgreSQL. I'd like to extend the
client to have direct access to PostgreSQL but do not want to open up
postgresql to the internet.
So, I'd like to tunnel the libpq connection over the existing secure
socket. My preferred solution would be for the client to pass libpq
an already connected file descriptor (so I can prevent binding a port
to localhost).
Is such a thing possible without hacking libpq? Are there other
options I should be looking at that don't involve PostgreSQL listening
on the evil internet?
Thanks.