Re: [gentoo-user] PosgreSQL - pg_hba.conf localhost access only

[Joseph]

On 04/25/13 00:16, Dustin C. Hatch wrote:
On 4/24/2013 19:23, Joseph wrote:
The above is not correct as users from any machine on a local network
can connect to my database.
In the scenario you described, as Joost explained, the users on your
network are *not* connecting to your database; they are connecting to a
website. The web server is connecting to the database on their behalf.
PostgreSQL's host-based authentication controls only who access the
database directly, not who access the applications that use it.

If I put a line in pg_hba.conf
host all 127.0.0.1 255.255.255.255 trust

This line is not valid. pg_hba.conf entries take the form

type    database        user    [address]       method  [options]

"type" can be 'local' (connections over a Unix socket), 'host'
(connections over TCP, maybe using SSL), 'hostssl' (connections over TCP
using SSL), 'hostnossl' (connections over TCP not using SSL).

To achieve what I think you are looking for, just remove all lines from
pg_hba.conf except this one::

    local       all     all     trust

This will prevent anyone from connecting to your databases using TCP at
all. If you really need TCP from the localhost instead of Unix sockets,
you can also add this line::

I just tried as you suggested, the only active line in: pg_hba.conf 
local     all     all     trust

anything else is commented out. I restarted the server but I still can connect 
to postgresql from another computer via Firefox.
I'm trying to produce meaning-full report to see if I can record remote 
connection from external computer so I have enable in: postgresql.conf

max_connections = 100               
shared_buffers = 24MB         
log_destination = 'syslog'      
logging_collector = on      
log_directory = 'pg_log'      
log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'   
log_file_mode = 0600         
syslog_facility = 'LOCAL0'
syslog_ident = 'postgres'
client_min_messages = notice      
log_min_messages = notice      
log_checkpoints = on
log_connections = on
log_disconnections = on
log_error_verbosity = verbose       
log_hostname = on
datestyle = 'iso, mdy'
lc_messages = 'en_US.UTF-8'         
lc_monetary = 'en_US.UTF-8'         
lc_numeric = 'en_US.UTF-8'         
lc_time = 'en_US.UTF-8'            
default_text_search_config = 'pg_catalog.english'

But I don't see any indication in any report which computer is the connection 
coming from.

--
Joseph