[postgis-users] connecting to postgis from remote machines

Mark Volz MarkVolz at co.lyon.mn.us
Wed Nov 21 07:33:37 PST 2012


Steve,

Thank you for the heads up on the security warning.  I was just trying to get things working with the software.  Soon I plan on looking at the database users and passwords.  Last I will try to look at the network / IP security.

The PostGIS database will be used internally to share data.  All the production data will be stored in File Geodatabases, so I can take some risk -but I would still like to avoid headaches if I can.   Would this be a better entry in pg_hba.conf?

host    postgis20     all     10.0.12.0/24   md5



Thanks again



Mark Volz
GIS Specialist

> Message: 17
> Date: Tue, 20 Nov 2012 14:46:48 -0500
> From: "Stephen V. Mather" <svm at clevelandmetroparks.com>
> To: "'PostGIS Users Discussion'" <postgis-users at lists.osgeo.org>
> Subject: Re: [postgis-users] connecting to postgis from remote
> 	machines
> Message-ID: <00f401cdc757$c7792560$566b7020$@com>
> Content-Type: text/plain;	charset="us-ascii"
> 
> Hi Mark,
> 	I really wouldn't recommend that, unless you are behind a firewall
> you really really really trust... .  Even then, I wouldn't recommend those
> settings.  At least restrict your subnet, and preferably which users as well
> (you can use an online subnet calculator, e.g.
> http://www.subnet-calculator.com/ to help with this).  With the settings you
> have you will (eventually) have someone doing things on your database that
> you never intended, and likely maliciously.  You can (and should) ping the
> PostgreSQL mailing list with recommended settings for listen addresses and
> basic (but sane) security practices.
> 
> Best,
> Steve
> 
> Stephen Mather
> Geographic Information Systems (GIS) Manager
> (216) 635-3243
> svm at clevelandmetroparks.com
> clevelandmetroparks.com
> 
> 
> 
> 
> -----Original Message-----
> From: postgis-users-bounces at lists.osgeo.org
> [mailto:postgis-users-bounces at lists.osgeo.org] On Behalf Of Mark Volz
> Sent: Tuesday, November 20, 2012 1:03 PM
> To: postgis-users at lists.osgeo.org
> Subject: Re: [postgis-users] connecting to postgis from remote machines
> 
> Hello,
> 
> I was able to allow remote connections by changing the listen address to * in
> postgresql, and adding the following line in pg_hba.conf
> 
> host	 all	 all	 all	 md5
> 
> 
> 
> Mark Volz
> GIS Specialist
> 
> 
> _______________________________________________
> postgis-users mailing list
> postgis-users at lists.osgeo.org
> http://lists.osgeo.org/cgi-bin/mailman/listinfo/postgis-users
> 
> 
> 
> 
> 
> ------------------------------
> 
> _______________________________________________
> postgis-users mailing list
> postgis-users at lists.osgeo.org
> http://lists.osgeo.org/cgi-bin/mailman/listinfo/postgis-users
> 
> 
> End of postgis-users Digest, Vol 129, Issue 20
> **********************************************


More information about the postgis-users mailing list