Greg and Anrew thanks for your concern on the issue.
Indeed selecting the source interface - ip would be a great option since for
me (but many other) trying to connect to a secure postgresql server over
internet is must accompanied with username + password + ssl but it is one
more L3 criteria.
And also I feel sure that my application will run whatever the server admin
changes.
Pls let me know if any modification in libpq code could help to bind address
or interface alias temporary.
DS
-----Original Message-----
From: gsstark@gmail.com [mailto:gsstark@gmail.com] On Behalf Of Greg Stark
Sent: Thursday, September 03, 2009 3:51 PM
To: Andrew McMillan
Cc: dimitris.sakellarios@telesuite.gr; pgsql-php@postgresql.org
Subject: Re: How to select the source ip address for a connection to the
database server
On Thu, Sep 3, 2009 at 12:31 PM, Andrew McMillan<andrew@morphoss.com> wrote:
> Nope, unless you're root you're unlikely to be able to choose the source
> address for your connection, and even then it would be tricky.
I don't think you need to be root to select a source address. But
that's not helpful since libpq doesn't support binding to a particular
interface. That would be a useful feature and we should probably add
it to the TODO.
You should note that the source address isn't actually a very secure
way to protect your connections since any other host on that network
could spoof your address.
It sounds like what you're looking for is to control the interface the
packets are routed through. This is separate from the source address
as packets are often routed through multiple hosts along their way.
Routing rules are not something individual applications normally get
involved in. If the connections are being routed through the wrong
interface then you have a global problem, not just with the database
and it requires system-wide configuration changes.
--
greg
http://mit.edu/~gsstark/resume.pdf
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4393 (20090904) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4394 (20090904) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com