On Thu, April 25, 2013 14:35, Joseph wrote: > On 04/25/13 09:10, J. Roeleveld wrote: >>On Thu, April 25, 2013 07:48, Joseph wrote: >> >><SNIP> >> >>> I just tried as you suggested, the only active line in: pg_hba.conf >>> local all all trust >>> >>> anything else is commented out. I restarted the server but I still can >>> connect to postgresql from another computer via Firefox. >> >>Joseph, >> >>Let me put it in really simple terms: >>1) Firefox is NOT a database client, it can NOT connect to a database >>2) Firefox IS a webbrowser, it ONLY connects to a webserver >> >>This means, Postgresql will NOT see ANY connection made by Firefox. >> >>The website you have running ON TOP OFF apache makes the connection to >>Postgresql. >> >>Eg. it goes like the following: >> >>User <-> Firefox <-> Apache/website <-> Postgresql >> >>Any of the above can ONLY see their immediate neighbour. >> >>-- >>Joost > > So pg_hba.conf only controls direct connections to postgreSQL.
Correct. > Since "apache" group is in postgres user; apache was given permission to > access the database in this case py-passing the setting in pg_hba.conf Wrong, Postgresql does not check group-ownership. Your pg_hba.conf file will have a setting that allows Apache to connect. > Is there a way to force sequence: > Apache/website <-> pg_hba.conf <-> Postgresql Postgresql will always read the pg_hba.conf file and use that to determine who can and can not connect directly to Postgresql. -- Joost
