Re: [ADMIN] Acess Control !

From: Vasanth R
Subject: Re: [ADMIN] Acess Control !
Msg-id: CAOC34s8D1ta=biCSmA04qNArUNkc=O3AQwG1z5KcScrfcbyw3A@mail.gmail.com
In reply to: Re: [ADMIN] Acess Control !  (Elson Vaz <elsonlei@gmail.com>)
List: pgsql-admin
From the posted message, in the second part of the test it is allowed to accept connections from 10.75.... and not reject.
On Wed, Oct 4, 2017 at 07:16 Elson Vaz <elsonlei@gmail.com> wrote:
Okay, thanks, so why not block the xpto connection coming from 10.75.15.60, as we can see, the first configuration could block it??

# TYPE  DATABASE  USER    ADDRESS          METHOD
host    xpto      system  10.72.18.0/24    reject
host    xpto      system  0.0.0.0/0        reject
host    xpto      system  10.75.15.60/32   md5
host    all       all     0.0.0.0/0        md5

2017-10-04 10:01 GMT-01:00 Vasanth R <rvasanth@gmail.com>:
It is read from top to bottom until a specific criterion is true. It stops there and doesn't read through the rest of the lines.

On Wed, Oct 4, 2017 at 06:41 Elson Vaz <elsonlei@gmail.com> wrote:
Good morning pinker,


Thank you for the approach, but I made this test:
  1.  Reject xpto connections from all addresses and after that accept xpto connections from this address - result = works well (locks connections for xpto coming from other addresses and accepts from this address)

# TYPE  DATABASE  USER    ADDRESS          METHOD
host    xpto      system  10.72.18.0/24    reject
host    xpto      system  0.0.0.0/0        reject
host    xpto      system  10.75.15.60/32   md5
host    all       all     0.0.0.0/0        md5
 
 
  2.  Accept xpto connections from a specific address and after that reject all connections - result = (accepts all connections, coming from all addresses)

# TYPE  DATABASE  USER    ADDRESS          METHOD
host    xpto      system  10.75.15.60/32   md5
host    all       all     0.0.0.0/0        md5
host    xpto      system  10.72.18.0/24    reject
host    xpto      system  0.0.0.0/0        reject


So, maybe it is read from top to bottom? Or is there another explanation? I don't know, I use postgres 9.4.

2017-10-03 20:55 GMT-01:00 pinker <pinker@onet.eu>:
Be careful with the order change. The one proposed by Scott was correct; yours will
reject all the connections made by user system to xpto. Documentation says:

> The first record with a matching connection type, client address,
> requested database, and user name is used to perform authentication. There
> is no "fall-through" or "backup": if one record is chosen and the
> authentication fails, subsequent records are not considered.

    --
    Thanks
    Vasanth
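
The first-match rule from the documentation passage quoted in the thread, applied to the two rule orderings that were posted (an added example, not part of the original messages). It is a simplified model that assumes only `host` records, literal or `all` database/user names and IPv4 CIDR addresses; the function names are hypothetical.

```python
import ipaddress

# Rule orderings from the thread's two tests (columns: type, db, user, address, method).
TEST_1 = """
host xpto system 10.72.18.0/24  reject
host xpto system 0.0.0.0/0      reject
host xpto system 10.75.15.60/32 md5
host all  all    0.0.0.0/0      md5
"""
TEST_2 = """
host xpto system 10.75.15.60/32 md5
host all  all    0.0.0.0/0      md5
host xpto system 10.72.18.0/24  reject
host xpto system 0.0.0.0/0      reject
"""

def parse(text):
    """Return [(rule_no, db, user, network, method)] for `host` records."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0] == "host":
            _, db, user, addr, method = fields[:5]
            rules.append((len(rules) + 1, db, user, ipaddress.ip_network(addr), method))
    return rules

def covers(rule, db, user):
    """True if the rule's database and user columns match db/user."""
    return rule[1] in ("all", db) and rule[2] in ("all", user)

def first_match(rules, db, user, client_ip):
    """Top-down scan; the first matching record decides, with no fall-through."""
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        if covers(rule, db, user) and ip in rule[3]:
            return rule[0], rule[4]
    return None, "reject"  # no record matched: connection refused

def shadowed(rules):
    """Rule numbers that can never be reached because an earlier rule
    matches the same database/user over an equal or wider address range."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later[1], later[2]) and later[3].subnet_of(earlier[3]):
                dead.append(later[0])
                break
    return dead
```

Running `shadowed()` over a rule set before reloading the server flags `reject` or `md5` lines that sit below a broader record and therefore never take effect.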
