Re: How to select the source ip address for a connection to the database server
| От | Dimitris Sakellarios |
|---|---|
| Тема | Re: How to select the source ip address for a connection to the database server |
| Дата | |
| Msg-id | 12E9260ACD7842DEA90BE7B37A529DC9@toshiba обсуждение исходный текст |
| Ответ на | Re: How to select the source ip address for a connection to the database server (Greg Stark <gsstark@mit.edu>) |
| Список | pgsql-php |
Greg and Anrew thanks for your concern on the issue. Indeed selecting the source interface - ip would be a great option since for me (but many other) trying to connect to a secure postgresql server over internet is must accompanied with username + password + ssl but it is one more L3 criteria. And also I feel sure that my application will run whatever the server admin changes. Pls let me know if any modification in libpq code could help to bind address or interface alias temporary. DS -----Original Message----- From: gsstark@gmail.com [mailto:gsstark@gmail.com] On Behalf Of Greg Stark Sent: Thursday, September 03, 2009 3:51 PM To: Andrew McMillan Cc: dimitris.sakellarios@telesuite.gr; pgsql-php@postgresql.org Subject: Re: How to select the source ip address for a connection to the database server On Thu, Sep 3, 2009 at 12:31 PM, Andrew McMillan<andrew@morphoss.com> wrote: > Nope, unless you're root you're unlikely to be able to choose the source > address for your connection, and even then it would be tricky. I don't think you need to be root to select a source address. But that's not helpful since libpq doesn't support binding to a particular interface. That would be a useful feature and we should probably add it to the TODO. You should note that the source address isn't actually a very secure way to protect your connections since any other host on that network could spoof your address. It sounds like what you're looking for is to control the interface the packets are routed through. This is separate from the source address as packets are often routed through multiple hosts along their way. Routing rules are not something individual applications normally get involved in. If the connections are being routed through the wrong interface then you have a global problem, not just with the database and it requires system-wide configuration changes. -- greg http://mit.edu/~gsstark/resume.pdf __________ Information from ESET NOD32 Antivirus, version of virus signature database 4393 (20090904) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 4394 (20090904) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com
В списке pgsql-php по дате отправления: