654 CHAPTER 29 SECURING POSTGRESQL

The pg_hba.conf File

Client authentication is controlled by the pg_hba.conf file, which is normally found in the data directory of the PostgreSQL server. The default pg_hba.conf allows connections from the local machine only, but the format is flexible enough to express very complex connection requirements. The file is a list of single-line entries, each made up of a number of fields separated by tabs or spaces. Each line is a connection rule. PostgreSQL scans the file from top to bottom and applies the first entry whose connection type, database, user and client address all match; it does not fall through to a later entry, so order matters: a broad entry placed early shadows any stricter entry that follows it. In this section, we take a more detailed look at each of the parts of a pg_hba.conf entry:

TYPE: Describes the type of connection:
  local: Can only be made over the local Unix-domain socket.
  host: Made via TCP/IP. For TCP/IP connections to work at all, you must also tell PostgreSQL which address(es) to listen on via the listen_addresses variable in postgresql.conf.
  hostssl and hostnossl: Variants of the host type that match only SSL connections or only non-SSL connections respectively; these are discussed later in this chapter.

DATABASE: Specifies which database or databases the rule applies to. Multiple databases can be specified as a comma-separated list of database names. You can also use one of several keywords:
  all: The rule applies to every database in the system.
  sameuser: The rule applies only when the database name is the same as the name of the connecting user.
  samegroup: The rule applies only when the connecting user belongs to the group with the same name as the database they are attempting to connect to. (In PostgreSQL 8.1 and later, where groups became roles, this keyword is samerole.)

USER: Specifies which user or users the rule applies to. Multiple users can be specified as a comma-separated list of usernames. To refer to a group, prefix the group name with a + (for example, +admins matches every member of the group admins). The keyword all makes the rule apply to all users.

CIDR-ADDRESS: Specifies which client machines the rule applies to. The format is a numeric IP address followed by a CIDR mask length (e.g., 192.168.21.12/32). The bits to the right of the CIDR mask must be zero, and there must be no white space between the IP address, the /, and the mask. For example, to allow anyone on your local subnet to connect, you would write 172.21.1.0/24. This field applies only to the TCP/IP connection types (host, hostssl and hostnossl), and a local entry has no address field at all.

IP-ADDRESS + IP-MASK: As an alternative to the CIDR-ADDRESS notation, you can give the address and the mask as two separate fields. In this notation our example becomes 172.21.1.0 in the IP-ADDRESS field and 255.255.255.0 in the IP-MASK field. Like the CIDR-ADDRESS notation, these fields apply only to the TCP/IP-based connection types.
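As an added illustration, not code from the chapter or from the PostgreSQL project, the following Python resolver parses pg_hba.conf entries and answers the question "which entry will PostgreSQL apply to this client?", using the first-match rule, the CIDR and IP-ADDRESS + IP-MASK address forms, the database keywords and the +group user syntax described above. The sample file, the group table and the database and user names are constructed for the example; the trailing METHOD column on each entry (md5, reject, ...) is the authentication method every real pg_hba.conf entry carries, which this part of the chapter has not yet introduced. The ordering rule is also what makes open_entries() worth running: an early host ... 0.0.0.0/0 entry with a non-reject method admits every address and makes every stricter entry after it unreachable.

```python
import ipaddress

# Constructed sample pg_hba.conf (not from the chapter). The final catch-all
# reject entry refuses any TCP/IP client not matched by an earlier line.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER     ADDRESS            METHOD
local   all       all                         md5
host    all       +admins  192.168.21.12/32   md5
host    sameuser  all      172.21.1.0/24      md5
host    all       all      0.0.0.0/0          reject
"""

# Group membership lives in the server catalog, not in pg_hba.conf; this
# constructed table stands in for it.
GROUPS = {"admins": {"alice", "bob"}}

HOST_TYPES = ("host", "hostssl", "hostnossl")


def hba_network(addr, mask=None):
    """Network for an ADDRESS field: CIDR form ("172.21.1.0/24") or the
    separate IP-ADDRESS + IP-MASK form ("172.21.1.0", "255.255.255.0").
    strict=True enforces that bits right of the mask are zero, so
    "192.168.21.12/24" is rejected."""
    if mask is None:
        return ipaddress.ip_network(addr, strict=True)
    return ipaddress.ip_network((addr, mask), strict=True)


def address_is_valid(addr, mask=None):
    """True if the ADDRESS field(s) are accepted by hba_network()."""
    try:
        hba_network(addr, mask)
        return True
    except ValueError:
        return False


def parse_hba(text):
    """Parse pg_hba.conf text into an ordered list of rule dicts."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()                 # tabs and spaces both separate fields
        ctype = fields[0]
        if ctype == "local" and len(fields) == 4:      # local entries carry no address
            db, user, method, net = fields[1], fields[2], fields[3], None
        elif ctype in HOST_TYPES and len(fields) == 5:  # CIDR-ADDRESS form
            db, user, addr, method = fields[1:5]
            net = hba_network(addr)
        elif ctype in HOST_TYPES and len(fields) == 6:  # IP-ADDRESS + IP-MASK form
            db, user, addr, mask, method = fields[1:6]
            net = hba_network(addr, mask)
        else:
            raise ValueError("line %d: malformed entry: %r" % (lineno, raw))
        rules.append({"lineno": lineno, "type": ctype, "db": db,
                      "user": user, "net": net, "method": method})
    return rules


def _user_matches(field, user):
    for item in field.split(","):
        if item == "all":
            return True
        if item.startswith("+"):              # +group: any member of the group
            if user in GROUPS.get(item[1:], ()):
                return True
        elif item == user:
            return True
    return False


def _db_matches(field, database, user):
    for item in field.split(","):
        if item == "all" or item == database:
            return True
        if item == "sameuser" and database == user:
            return True
        if item == "samegroup" and user in GROUPS.get(database, ()):
            return True
    return False


def first_match(rules, ctype, database, user, addr=None, use_ssl=False):
    """(lineno, method) of the first matching entry, or None. PostgreSQL
    scans top to bottom and uses the first match; later entries are ignored."""
    for r in rules:
        if ctype == "local":
            if r["type"] != "local":
                continue
        else:
            if r["type"] == "local":
                continue
            if r["type"] == "hostssl" and not use_ssl:
                continue
            if r["type"] == "hostnossl" and use_ssl:
                continue
            if ipaddress.ip_address(addr) not in r["net"]:
                continue
        if not _db_matches(r["db"], database, user):
            continue
        if not _user_matches(r["user"], user):
            continue
        return r["lineno"], r["method"]
    return None


def open_entries(rules):
    """Line numbers of host-type entries that admit the whole address space
    without rejecting: the classic pg_hba.conf misconfiguration."""
    return [r["lineno"] for r in rules
            if r["net"] is not None and r["net"].prefixlen == 0
            and r["method"] != "reject"]


if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    print(first_match(rules, "host", "prod", "alice", "192.168.21.12"))  # (3, 'md5')
    print(first_match(rules, "host", "prod", "carol", "172.21.1.5"))     # (5, 'reject')
    print(open_entries(rules))                                            # []
```

Run it against your own pg_hba.conf by reading the file into parse_hba() and calling first_match() with the connection you expect to be blocked; if the line number it returns is an entry above the one you intended, the earlier entry is shadowing it.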