You may want to consider using another server to access your database(s) which is publically accessable and keep your
databseserver access restricted. It would require controlling access with a middle layer such as Apache/ColdFusion,
Apache/PHPor Apache/Perl but your database would probably be more secure and your mobile users would only need an SSL
webbrowser.
-----------------------------------------------------------------
Bernie LaSalle
GCRC Informatics Core Director
University of Utah
50 North Medical Drive Rm 4R210 SOM
Salt Lake City, UT 84132
(801) 581-3670
>>> Randall Perry <rgp@systame.com> 05/09/03 07:51AM >>>
Ok, those are valid points.
What I'm trying to do is get access to the db for clients who are on the
road using connections with dynamic IPs, from a PC running an MS Access db
app. Dynamic DNS would have been an easy solution.
Any ideas how to achieve this in other ways?
> On Thu, May 08, 2003 at 06:40:14PM -0400, Randall Perry wrote:
>> I've discovered I can use URLs for an IP address in pg_hba.conf, and
>> everything works ok if the host can be resolved.
>>
>> If it can't be resolved I get the error:
>> psql: FATAL: Missing or erroneous pg_hba.conf file, see postmaster log for
>> details
>>
>> And then all tcp/ip is denied.
>>
>> That sucks -- means I can't use dynamic DNS. Anyone else think tcp/ip access
>> shouldn't break if a URL can't be resolved?
>
> IMHO support for fqdn should be removed.
>
> 1. FQDN's are mostly resolved when the configuration is being loaded.
> So that data isn't going to change when the program is running or
> would you like to do a dns query for every connection you get?
>
> 2. How are you going to handle forward and reversed dns? Think about
> multiple A-records, fake or no reversed DNS, etc.
>
> 3. If fqdn is being checked when the db gets a connection people can
> break in when you only check reversed dns.
>
> 4. Who is going to ensure me that dns isn't compromised somewhere down
> the line?
>
> This are just a few things, but I'm wondering.
--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales
http://www.systame.com/
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org