From: | "Bernie LaSalle" <Bernie(dot)LaSalle(at)hsc(dot)utah(dot)edu> |
---|---|
To: | <pgsql-admin(at)lists(dot)hansspaans(dot)nl>, <pgsql-admin(at)postgresql(dot)org>, <rgp(at)systame(dot)com> |
Subject: | Re: Pg_hba and dynamic dns |
Date: | 2003-05-09 14:12:32 |
Message-ID: | sebb62f5.053@gwdom2-med.med.utah.edu |
Lists: | pgsql-admin |
You may want to consider using another server to access your database(s) which is publicly accessible and keep your database server access restricted. It would require controlling access with a middle layer such as Apache/ColdFusion, Apache/PHP or Apache/Perl but your database would probably be more secure and your mobile users would only need an SSL web browser.
-----------------------------------------------------------------
Bernie LaSalle
GCRC Informatics Core Director
University of Utah
50 North Medical Drive Rm 4R210 SOM
Salt Lake City, UT 84132
(801) 581-3670
>>> Randall Perry <rgp(at)systame(dot)com> 05/09/03 07:51AM >>>
Ok, those are valid points.
What I'm trying to do is get access to the db for clients who are on the
road using connections with dynamic IPs, from a PC running an MS Access db
app. Dynamic DNS would have been an easy solution.
Any ideas how to achieve this in other ways?
> On Thu, May 08, 2003 at 06:40:14PM -0400, Randall Perry wrote:
>> I've discovered I can use URLs for an IP address in pg_hba.conf, and
>> everything works ok if the host can be resolved.
>>
>> If it can't be resolved I get the error:
>> psql: FATAL: Missing or erroneous pg_hba.conf file, see postmaster log for
>> details
>>
>> And then all tcp/ip is denied.
>>
>> That sucks -- means I can't use dynamic DNS. Anyone else think tcp/ip access
>> shouldn't break if a URL can't be resolved?
>
> IMHO support for fqdn should be removed.
>
> 1. FQDN's are mostly resolved when the configuration is being loaded.
> So that data isn't going to change when the program is running or
> would you like to do a dns query for every connection you get?
>
> 2. How are you going to handle forward and reversed dns? Think about
> multiple A-records, fake or no reversed DNS, etc.
>
> 3. If fqdn is being checked when the db gets a connection people can
> break in when you only check reversed dns.
>
> 4. Who is going to ensure me that dns isn't compromised somewhere down
> the line?
>
> These are just a few things, but I'm wondering.
--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales
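
Points 2 and 3 of the quoted reply (forward versus reverse DNS, multiple A records, missing reverse DNS), as an added example that is not part of the original thread: a reverse-only hostname check compared with a forward-confirmed one. The DNS tables are constructed sample data using documentation address ranges, and the function names are hypothetical; nothing here describes how PostgreSQL itself evaluates pg_hba.conf.

```python
import ipaddress

# Constructed DNS data, not real records. Whoever runs the reverse zone for an
# address block can publish any PTR name there, including a name they do not own.
PTR = {
    "198.51.100.10": "laptop.example.org",  # the real roaming client
    "203.0.113.66": "laptop.example.org",   # PTR set by an unrelated network
    "198.51.100.20": "office.example.org",
}
# Forward zone, controlled by the owner of example.org.
A = {
    "laptop.example.org": ["198.51.100.10"],
    "office.example.org": ["198.51.100.20", "198.51.100.21"],  # multiple A records
}

def _norm(name):
    return name.lower().rstrip(".")

def reverse_only(client_ip, allowed_host):
    """Weak check: accept if the PTR record names the allowed host."""
    name = PTR.get(client_ip)
    return name is not None and _norm(name) == _norm(allowed_host)

def forward_confirmed(client_ip, allowed_host):
    """PTR must name the allowed host and one of its A records must be the client."""
    if not reverse_only(client_ip, allowed_host):
        return False  # no PTR at all, or PTR names some other host
    ip = ipaddress.ip_address(client_ip)
    addrs = A.get(_norm(allowed_host), [])
    return any(ipaddress.ip_address(a) == ip for a in addrs)

def evaluate(allowed_host, client_ips):
    """Return {ip: (reverse_only, forward_confirmed)} for each connecting address."""
    return {ip: (reverse_only(ip, allowed_host), forward_confirmed(ip, allowed_host))
            for ip in client_ips}

if __name__ == "__main__":
    for ip, result in evaluate("laptop.example.org",
                               ["198.51.100.10", "203.0.113.66", "192.0.2.7"]).items():
        print(ip, result)
```

The address whose PTR was set by an unrelated network passes the reverse-only check and fails the forward-confirmed one; an address with no PTR record fails both, even when it appears among the host's A records.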