Re: Java proxies connection to postgres
| От | Samuel Gendler |
|---|---|
| Тема | Re: Java proxies connection to postgres |
| Дата | |
| Msg-id | AANLkTin=ra9vcUZyNmiFiXGt5K-=n=Sz3ezjdic83cNc@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Java proxies connection to postgres ("Donald Fraser" <postgres@kiwi-fraser.net>) |
| Ответы |
Re: Java proxies connection to postgres
Re: Java proxies connection to postgres |
| Список | pgsql-jdbc |
The problem with using an HTTP proxy to proxy a connection to your database server is that an http proxy is surely counting on the protocol to be http. I imagine that just about any proxy made since 1995 supports arbitrary port numbers, but that really sin't sufficient. A proxy that is expecting to read and parse http headers such as content-length and connection will totally fail to behave correctly if those headers are not available. You need, at minimum, what is called a SOCKS proxy. A SOCKS proxy basically does nothing but look at both sides of the proxied connection and blindly forward any bytes from one side to the other. That will be able to handle most protocols. An ssh tunnel is effectively a socks proxy across an ssh connection. There are also other SOCKS proxies available. There's a decent description of the difference between socks and http proxies here: http://en.wikipedia.org/wiki/SOCKS The reason you are sometimes able to get a http proxy to function with postgres via https on port 443 is because I imagine that most proxies will drop into a socks-like mode when proxying https since they will be unable intercept and interpret the content of the https requests traversing the connection, since they'll be encrypted. As such, it just forwards packets back and forth. On Mon, Aug 9, 2010 at 4:47 AM, Donald Fraser <postgres@kiwi-fraser.net> wrote: > Please look at the attached source taken from a patched version of the 7.4 > driver, which is a little out of date with respect to the latest drivers. > However it gives you the idea of what you need to do in order to modify one > of the latest drivers. > The main problem with all HTTP style proxies is that you can only specify > ports 80, 443 and sometimes 8080 and or 8000. > I've spent a lot of time with proxies and to get a reliable connection you > need to use SSL on port 443. > This means you must redirect incomming requests, on the firewall that serves > requests to your PostgreSQL server, from port 443 to port 5432. Which also > means that you cannot have a secure web-server on the same IP address as > your PostgreSQL server! > > Regards > Donald Fraser > > > -- > Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-jdbc > >
В списке pgsql-jdbc по дате отправления: