Re: Pg_hba not using local setting

Thanks for your response.

I changed pg_hba.conf to include the server ip address as shown below:
---
Local all trust
Host all 123.456.789.10 255.255.255.0
password
---

But still have the same result (users can login with any password if local
is set to trust). The web server is on the same machine as the database, no
java used.

Did I misunderstand your comment regarding telling the webserver to connect
using an IP address?

Thanks,
-jim

-----Original Message-----
From: Doug McNaught [mailto:doug(at)mcnaught(dot)org]
Sent: Friday, March 14, 2003 10:38 AM
To: James Hall
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] Pg_hba not using local setting

James Hall <James(dot)Hall(at)RadioShack(dot)com> writes:

> Hello,
>
> Running version 7.1, have the following entry in PG_HBA.CONF:
> ---
> Local all trust
> Host all 123.0.0.0 255.255.255.0
> password
> ---
>
> With that setting, anyone can login to the database [via our web based
> interface] WITHOUT a valid password. If I change local from trust to
> password then web based users have to enter their specific password to
> login to the database. But none of the backup scripts run because
> postgres needs a password.
>
> Is this a bug, or do I have a misunderstanding of the local use?

It sounds like you're running the webserver on the same machine as the
database. If this is true, and if you're not using Java (which doesn't do
local sockets) the client access library is probably using a local (AF_UNIX)
socket to connect, which triggers the "Local" entry in pg_hba.conf.

If you explicitly tell the webserver to connect using an IP address, it
should come in via a TCP connection and trigger the "Host" line that you
have.

-Doug