Hey Guys Thank you for the feedback. Some of these tools are for major DB-administration - a little overkill for our use right now but thank you. Have a great day!
Greg On Tue, Mar 4, 2014 at 11:48 PM, Bob Jolliffe <bobjolli...@gmail.com> wrote: > Here is an example of some pg_hba.conf settings with comments which people > might find useful. The database in this case is on a separate server. The > application server (with tomcat and all) is on a machine called appserver > on 192.168.1.102. Other machines we want to allow to connect from the > office are on the 192.168.2.0 subnet. > > # do peer identification on unix domain (local) sockets > local all postgres peer > local all all peer > > # you need the following if you have dhis running on same machine as > database server > # because its java it can't use the unix domain sockets above, so we allow > direct non-ssl > # connection through tcp socket with password > # IPv4 local connections: > host all all 127.0.0.1/32 md5 > # IPv6 local connections: > host all all ::1/128 md5 > > # special treatment for our appserver - it is in the same cabinet as the > db server connected via local backplane so we allow > # non-ssl connection from this machine only which is something of a speed > vs security tradeoff > host all all 192.168.1.102/32 md5 > > # allow MOH lan to connect but must use ssl > hostssl all all 192.168.2.0/24 md5 > # Only if you must - allow world to connect but definitely must use ssl > # I don't really like this, but frequently people want it because they > want to connect through various routes > # At the very least we insist on ssl > # hostssl all all 0.0.0.0/0 md5 > > # This would be better, using ssl client cert, effectively equivalent to > Jason's openvpn > # It has the same headache of managing the distribution of client certs > # hostssl all all 0.0.0.0/0 cert > > Thats it. At least it reflects my understanding of postgres access > settings. Happy to accept improvements and/or clarifications. > > Bob > > > > > On 4 March 2014 18:40, Jason Pickering <jason.p.picker...@gmail.com>wrote: > >> We have used OpenVPN/IPSec to allow direct access to the database for >> those users who need it. Therefore users do not need shell access and >> strong certificates can be used. This was viewed as a lower security risk >> than having PHP on the server or by opening up the database itself >> directly. Might also be a route to consider. >> >> Regards, >> Jason >> >> --Sent from my mobile >> On Mar 4, 2014 8:02 PM, "Bob Jolliffe" <bobjolli...@gmail.com> wrote: >> >>> yes people talk highly of phpPgAdmin. It has some small benefit over >>> pgadminIII that you don't have to explicitly open up your pg_hba.conf >>> settings to the full range of user/hosts which might connect. >>> >>> I guess it would be a simple enough app to embed phpPgAdmin into some >>> sort of iframe for integration with dhis ... >>> >>> >>> On 4 March 2014 16:16, Jason Pickering <jason.p.picker...@gmail.com>wrote: >>> >>>> Hi Greg, >>>> You may want to check out phpPgAdmin. >>>> >>>> PgAdminIII could also of course be used by directly connecting to the >>>> database with an ODBC connection. >>>> >>>> Regards, >>>> Jason >>>> >>>> --Sent from my mobile >>>> On Mar 4, 2014 12:26 PM, "Greg Rowles" <greg.row...@gmail.com> wrote: >>>> >>>>> Hi Devs >>>>> >>>>> Is anyone aware of a web-based query gui-toolset? We have an 'IE' >>>>> designed tool here: >>>>> >>>>> http://hispsa.org/staging_timesheets/tablerels/viewtables.asp >>>>> >>>>> It only works on IE (sometimes) but at least allows users to see table >>>>> designs and edit SQL syntax. We're looking at something that we can >>>>> plug-in >>>>> ontop of DHIS2 for our advanced users... >>>>> >>>>> Any responses will be appreciated... >>>>> >>>>> Thanks, >>>>> Greg >>>>> -- >>>>> >>>>> Business Intelligence Planner >>>>> *Health Information Systems Programme* >>>>> *- - - - - - - **- - - - - - - **- - - - - - - **- - - - - - - **- - >>>>> - - - * >>>>> Mobile : 073 246 2992 >>>>> Landline: 021 554 3130 >>>>> Fax: 086 733 8432 >>>>> Skype: gregory_rowles >>>>> >>>>> _______________________________________________ >>>>> Mailing list: https://launchpad.net/~dhis2-devs >>>>> Post to : dhis2-devs@lists.launchpad.net >>>>> Unsubscribe : https://launchpad.net/~dhis2-devs >>>>> More help : https://help.launchpad.net/ListHelp >>>>> >>>>> >>>> _______________________________________________ >>>> Mailing list: https://launchpad.net/~dhis2-devs >>>> Post to : dhis2-devs@lists.launchpad.net >>>> Unsubscribe : https://launchpad.net/~dhis2-devs >>>> More help : https://help.launchpad.net/ListHelp >>>> >>>> >>> > -- Business Intelligence Planner *Health Information Systems Programme* *- - - - - - - **- - - - - - - **- - - - - - - **- - - - - - - **- - - - - * Mobile : 073 246 2992 Landline: 021 554 3130 Fax: 086 733 8432 Skype: gregory_rowles
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
