Re: Pg_hba and dynamic dns
| От | Bernie LaSalle |
|---|---|
| Тема | Re: Pg_hba and dynamic dns |
| Дата | |
| Msg-id | sebb62f5.053@gwdom2-med.med.utah.edu обсуждение исходный текст |
| Ответ на | Pg_hba and dynamic dns (Randall Perry <rgp@systame.com>) |
| Список | pgsql-admin |
You may want to consider using another server to access your database(s) which is publically accessable and keep your databseserver access restricted. It would require controlling access with a middle layer such as Apache/ColdFusion, Apache/PHPor Apache/Perl but your database would probably be more secure and your mobile users would only need an SSL webbrowser. ----------------------------------------------------------------- Bernie LaSalle GCRC Informatics Core Director University of Utah 50 North Medical Drive Rm 4R210 SOM Salt Lake City, UT 84132 (801) 581-3670 >>> Randall Perry <rgp@systame.com> 05/09/03 07:51AM >>> Ok, those are valid points. What I'm trying to do is get access to the db for clients who are on the road using connections with dynamic IPs, from a PC running an MS Access db app. Dynamic DNS would have been an easy solution. Any ideas how to achieve this in other ways? > On Thu, May 08, 2003 at 06:40:14PM -0400, Randall Perry wrote: >> I've discovered I can use URLs for an IP address in pg_hba.conf, and >> everything works ok if the host can be resolved. >> >> If it can't be resolved I get the error: >> psql: FATAL: Missing or erroneous pg_hba.conf file, see postmaster log for >> details >> >> And then all tcp/ip is denied. >> >> That sucks -- means I can't use dynamic DNS. Anyone else think tcp/ip access >> shouldn't break if a URL can't be resolved? > > IMHO support for fqdn should be removed. > > 1. FQDN's are mostly resolved when the configuration is being loaded. > So that data isn't going to change when the program is running or > would you like to do a dns query for every connection you get? > > 2. How are you going to handle forward and reversed dns? Think about > multiple A-records, fake or no reversed DNS, etc. > > 3. If fqdn is being checked when the db gets a connection people can > break in when you only check reversed dns. > > 4. Who is going to ensure me that dns isn't compromised somewhere down > the line? > > This are just a few things, but I'm wondering. -- Randall Perry sysTame Xserve Web Hosting/Co-location Website Development/Promotion Mac Consulting/Sales http://www.systame.com/ ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
В списке pgsql-admin по дате отправления: