Karl Wright wrote:
> I have a situation where I need postgres to LISTEN and allow BINDs to
> its TCP/IP port (5432) only to connections that originate from
> localhost. I need it to not accept *socket* connections if requests
> come in from off-box. If I try to set up pg_hba.conf such that it
> rejects off-box requests, it seems to do this after it permits the
> socket connection, and that won't do for our security geeks here.

try listen_addresses = 'localhost' in your postgresql.conf

> For example, here's the difference:
> kwright@merrimack:~$ curl http://duck37:5432
> curl: (52) Empty reply from server
> kwright@merrimack:~$ curl http://duck37:5433
> curl: (7) couldn't connect to host
> kwright@merrimack:~$
> Note that the outside world seems to be able to connect to 5432 just
> fine, although any *database* connections get (properly) rejected.
> I cannot turn off TCP/IP entirely because I have a Java application that
> uses JDBC.
> Can somebody tell me whether this is an innate capability of postgres,
> or whether I will need to modify the base code (and if so, WHERE I would
> modify it?)
> Thanks,
> Karl Wright
--
- Rich Doughty
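
An added example, not part of the original thread: a small audit that reads postgresql.conf text and reports which `listen_addresses` entries would bind the TCP port on a non-loopback interface, the condition that produces the "Empty reply from server" result above instead of a refused connection. The sample configurations and function names are constructed for illustration; include files, `postgresql.auto.conf` and command-line overrides are not handled, and hostnames other than `localhost` are not resolved but treated as exposed.

```python
import ipaddress
import re

# "listen_addresses = 'value'"; the "=" is optional and names are case-insensitive.
_SETTING = re.compile(
    r"^\s*listen_addresses(?:\s*=\s*|\s+)(?:'([^']*)'|([^\s#]+))", re.IGNORECASE)

def effective_listen_addresses(conf_text):
    """Return the address entries PostgreSQL would bind for this config text."""
    value = "localhost"                  # built-in default when the setting is absent
    for line in conf_text.splitlines():
        m = _SETTING.match(line)         # commented-out lines start with '#': no match
        if m:                            # a later occurrence overrides an earlier one
            value = m.group(1) if m.group(1) is not None else m.group(2)
    # An empty value means no TCP/IP listener at all (Unix sockets only).
    return [a.strip() for a in value.split(",") if a.strip()]

def is_loopback_only(entry):
    """True if the entry can only accept connections from the local host."""
    if entry.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(entry).is_loopback
    except ValueError:
        return False                     # '*' or an unresolved hostname: assume exposed

def exposed_entries(conf_text):
    """Entries that make the port reachable at the TCP level from off-box."""
    return [a for a in effective_listen_addresses(conf_text) if not is_loopback_only(a)]

# Constructed sample: port accepts TCP connections from anywhere, pg_hba.conf rejects later.
SAMPLE_BEFORE = """\
#listen_addresses = 'localhost'
listen_addresses = '*'
port = 5432
"""

# Constructed sample: the setting suggested in the reply; JDBC on the same box still works.
SAMPLE_AFTER = """\
listen_addresses = 'localhost'
port = 5432
"""

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, "exposed:", exposed_entries(text))
```
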