Re: Pg_hba and dynamic dns
| От | Josh Goldberg |
|---|---|
| Тема | Re: Pg_hba and dynamic dns |
| Дата | |
| Msg-id | 007b01c31682$fb463df0$6e02a8c0@4dmatrix.com обсуждение исходный текст |
| Ответ на | Re: Pg_hba and dynamic dns (Randall Perry <rgp@systame.com>) |
| Ответы |
Re: Pg_hba and dynamic dns
|
| Список | pgsql-admin |
set them up with an ssh tunnel to the db server and connect with that. That's how I have my suits access our intranet remotely. ----- Original Message ----- From: "Randall Perry" <rgp@systame.com> To: "Hans Spaans" <pgsql-admin@lists.hansspaans.nl>; <pgsql-admin@postgresql.org> Sent: Friday, May 09, 2003 6:51 AM Subject: Re: [ADMIN] Pg_hba and dynamic dns > Ok, those are valid points. > > What I'm trying to do is get access to the db for clients who are on the > road using connections with dynamic IPs, from a PC running an MS Access db > app. Dynamic DNS would have been an easy solution. > > Any ideas how to achieve this in other ways? > > > > On Thu, May 08, 2003 at 06:40:14PM -0400, Randall Perry wrote: > >> I've discovered I can use URLs for an IP address in pg_hba.conf, and > >> everything works ok if the host can be resolved. > >> > >> If it can't be resolved I get the error: > >> psql: FATAL: Missing or erroneous pg_hba.conf file, see postmaster log for > >> details > >> > >> And then all tcp/ip is denied. > >> > >> That sucks -- means I can't use dynamic DNS. Anyone else think tcp/ip access > >> shouldn't break if a URL can't be resolved? > > > > IMHO support for fqdn should be removed. > > > > 1. FQDN's are mostly resolved when the configuration is being loaded. > > So that data isn't going to change when the program is running or > > would you like to do a dns query for every connection you get? > > > > 2. How are you going to handle forward and reversed dns? Think about > > multiple A-records, fake or no reversed DNS, etc. > > > > 3. If fqdn is being checked when the db gets a connection people can > > break in when you only check reversed dns. > > > > 4. Who is going to ensure me that dns isn't compromised somewhere down > > the line? > > > > This are just a few things, but I'm wondering. > > -- > Randall Perry > sysTame > > Xserve Web Hosting/Co-location > Website Development/Promotion > Mac Consulting/Sales > > http://www.systame.com/ > > > ---------------------------(end of broadcast)--------------------------- > TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org >
В списке pgsql-admin по дате отправления: