Re: Firewalls and Postgres - Mailing list pgsql-general

From Tony Grant
Subject Re: Firewalls and Postgres
Date
Msg-id 1043878438.2496.36.camel@localhost
Whole thread Raw
In response to Re: Firewalls and Postgres  (Holger Klawitter <lists@klawitter.de>)
Responses Re: Firewalls and Postgres
List pgsql-general
On Wed, 2003-01-29 at 10:47, Holger Klawitter wrote:

> ssh -l my-secret-key-file -n -N \
>     -L 15432:other.host.com:5432 \
>     other.host.com </dev/null
>
> psql -h localhost -p 15432 my_database
>
> However,you have to keep in mind that this connection ends up on
> other.host.com as a tcp/ip connection on 11.22.33.44, not on 127.0.0.1.
> Might need some tweaking in postgresl.conf and pg_hba.conf.

OK the database is behind a firewall. What if I modify pg_hba.conf to
let everybody access the database from anywhere?

Risk is leet hax hacks his way through the firewall and does damage. If
he gets through the firewall he will probably be able to break lots of
other stuff than Postgres too...

I really want to port forward the web application running on port 80.
But the database behind the web application replies to the requests and
won't serve the data to my IP. JSP is pretty good at tightening stuff
like that down!

Cheers

Tony Grant

--
www.tgds.net Library management software toolkit,
redhat linux on Sony Vaio C1XD,
Dreamweaver MX with Tomcat and PostgreSQL


pgsql-general by date:

Previous
From: Tony Grant
Date:
Subject: Re: Firewalls and Postgres
Next
From: Stephan Szabo
Date:
Subject: Re: URGENT: referential integrity problem