"D'Arcy J.M. Cain" <da...@druid.net> writes:
> On Mon, 09 May 2016 17:12:22 -0400
> Tom Lane <t...@sss.pgh.pa.us> wrote:
>> If the same user id + database combinations might be valid in both
>> cases (from both PHP and manual connections) I think your only other
>> option for distinguishing which auth method to use is to make them
>> come in on different addresses.  Can you set up a secondary IP
>> interface that only the PHP server uses, for example?

> I did think of that but how do I define that in pg_hba?  The host field
> only specifies the remote IP, not the local one.

Right, but you'd be using it essentially as a loopback interface.
Say you set it up as --- you'd tell PHP to connect to
Postgres on, and Postgres would also see the PHP connections
as coming in from

I think on most modern OSes you can set up this sort of thing entirely in
software, not even needing a spare NIC card.  I haven't done it that way

> I had an idea that that wouldn't be so easy else we would have had it
> by now.  However, I am not sure that that is what is needed.  I was
> thinking of something like this:

> host    all       joe@nobody       password
> host    all       all       ident  

> The "all@nobody" field is meant to specify that the remote user is
> nobody but that they are connecting as user joe.

As John noted, we don't have any idea what the "remote username" is
at the time we're scanning pg_hba.conf.

                        regards, tom lane

Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:

Reply via email to