Re: Acess Control !

From: Elson Vaz <elsonlei(at)gmail(dot)com>
To: Vasanth R <rvasanth(at)gmail(dot)com>
Cc: pinker <pinker(at)onet(dot)eu>, pgsql-admin(at)postgresql(dot)org
Subject: Re: Acess Control !
Date: 2017-10-04 11:16:28
Message-ID: CAJJTqWQnZ_FVN4qdcRbMJtS6WR94=7ciVvLxdQ1bS_YihxhUjg@mail.gmail.com
Lists: pgsql-admin

Okay, thanks, so why does it not block the xpto connection coming from 10.75.15.60?
As we can see, the first configuration could block it??

# TYPE  DATABASE  USER    ADDRESS         METHOD
host    xpto      system  10.72.18.0/24   reject
host    xpto      system  0.0.0.0/0       reject
host    xpto      system  10.75.15.60/32  md5
host    all       all     0.0.0.0/0       md5

2017-10-04 10:01 GMT-01:00 Vasanth R <rvasanth(at)gmail(dot)com>:

> It is read from top to bottom until a specific criterion is true. It stops
> there and doesn't read through the rest of the lines.
>
> On Wed, Oct 4, 2017 at 06:41 Elson Vaz <elsonlei(at)gmail(dot)com> wrote:
>
>> Good morning pinker,
>>
>>
>> Thank you for the approach, but I made this test:
>>
>> 1. Reject xpto connection from all addresses and after accept xpto
>> connection from this address - result = works good (locks connection
>> for xpto coming from other addresses and accepts from this address)
>>
>>
>> # TYPE  DATABASE  USER    ADDRESS         METHOD
>> host    xpto      system  10.72.18.0/24   reject
>> host    xpto      system  0.0.0.0/0       reject
>> host    xpto      system  10.75.15.60/32  md5
>> host    all       all     0.0.0.0/0       md5
>>
>>
>>
>> 2. Accept xpto connection from a specific address and after reject
>> from all connections - result = (accepts all connections, that come from
>> all addresses)
>>
>> # TYPE  DATABASE  USER    ADDRESS         METHOD
>> host    xpto      system  10.75.15.60/32  md5
>> host    all       all     0.0.0.0/0       md5
>> host    xpto      system  10.72.18.0/24   reject
>> host    xpto      system  0.0.0.0/0       reject
>>
>> So, maybe the read goes from top to bottom? Or is there another explanation? I
>> don't know, I use Postgres 9.4.
>>
>> 2017-10-03 20:55 GMT-01:00 pinker <pinker(at)onet(dot)eu>:
>>
>>> Be careful with the order change. The one proposed by Scott was correct;
>>> yours will reject all the connections made by user system to xpto.
>>> Documentation says:
>>>
>>> > The first record with a matching connection type, client address,
>>> > requested database, and user name is used to perform authentication.
>>> > There is no "fall-through" or "backup": if one record is chosen and the
>>> > authentication fails, subsequent records are not considered.
>>>
>> --
> Thanks
> Vasanth
>
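
The first-match rule quoted from the documentation in this thread, applied to the two orderings tested above, as an added example that is not part of the original messages. It is a simplified model (only `host` records, literal names and `all`, IPv4 CIDR addresses); `REORDERED` is a constructed ordering, not one posted in the thread, and the function names are hypothetical.

```python
import ipaddress

# Rule sets transcribed from the thread (TYPE is "host" throughout, so it is omitted).
TEST_1 = [  # rejects first, specific accept afterwards
    ("xpto", "system", "10.72.18.0/24", "reject"),
    ("xpto", "system", "0.0.0.0/0", "reject"),
    ("xpto", "system", "10.75.15.60/32", "md5"),
    ("all", "all", "0.0.0.0/0", "md5"),
]
TEST_2 = [  # specific accept, catch-all md5, rejects last
    ("xpto", "system", "10.75.15.60/32", "md5"),
    ("all", "all", "0.0.0.0/0", "md5"),
    ("xpto", "system", "10.72.18.0/24", "reject"),
    ("xpto", "system", "0.0.0.0/0", "reject"),
]
# Constructed ordering (not from the thread): accept, then rejects, then catch-all.
REORDERED = [TEST_2[0], TEST_2[2], TEST_2[3], TEST_2[1]]


def first_match(rules, database, user, client_ip):
    """Return (line_number, method) of the first matching record, or None.

    Simplified model: only literal names and the keyword "all" are handled
    (no sameuser, +role, @file, hostnames or non-host connection types).
    """
    ip = ipaddress.ip_address(client_ip)
    for lineno, (db, usr, cidr, method) in enumerate(rules, start=1):
        if db not in ("all", database):
            continue
        if usr not in ("all", user):
            continue
        if ip in ipaddress.ip_network(cidr):
            return lineno, method  # no fall-through: later records are ignored
    return None  # no record matches: the server refuses the connection


def shadowed(rules):
    """Line numbers of records that can never match because an earlier record covers them."""
    dead = []
    for i, (db, usr, cidr, _) in enumerate(rules):
        net = ipaddress.ip_network(cidr)
        for e_db, e_usr, e_cidr, _ in rules[:i]:
            if (e_db in ("all", db) and e_usr in ("all", usr)
                    and net.subnet_of(ipaddress.ip_network(e_cidr))):
                dead.append(i + 1)
                break
    return dead
```

Running `shadowed()` over a rule list before reloading the server flags records that an earlier, broader record makes unreachable, which is the ordering problem discussed in this thread.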
