Re: Re Dynamic IP - pg_hba - Mailing list pgsql-novice

From Josh Berkus
Subject Re: Re Dynamic IP - pg_hba
Date
Msg-id 200302171606.32814.josh@agliodbs.com
Whole thread Raw
In response to Re Dynamic IP - pg_hba  ("Dirk Hamstra" <dirk-hamstra@attbi.com>)
List pgsql-novice
Dirk,

> Well figured out the answer to my own question. Pattern is simply a mask of
> 0s like this for the internal network:
>
> host all 0.0.0.0 0.0.0.0 trust

This opens your database to the Universe, including the internet.   You sure
you want to do this?  If so, give me your ip address, I could use some extra
database testing space <grin>

I think you want something more like this:

host all 10.1.0.0 255.255.0.0 trust

... assuming that your DHCP range is 10.1.x.x.   You'll need to ask your
network administrator for the right numbers to cover your internal network.

Also, "trust" means that any user on your network does not need a password to
log in, a really insecure situation.  Depending on what your client supports,
you want (in descending order of security):

host all 10.1.0.0 255.255.0.0 md5
host all 10.1.0.0 255.255.0.0 crypt
host all 10.1.0.0 255.255.0.0 password


--
-Josh Berkus
 Aglio Database Solutions
 San Francisco


pgsql-novice by date:

Previous
From: Josh Berkus
Date:
Subject: Re: Multiple Return Values?
Next
From: Bruno Wolff III
Date:
Subject: Re: MySQL comparable syntax for PostgreSQL