0

I need your help on correctly setup pg_hba.conf for 2 specific postgres servers on different networks. The first server is on local network and the second is on a Cloud server.

Since I will have to setup syncronization between them, I must make sure that both can communicate.

The 'listen_address' is already setup to '*', on postgresql.conf.

My question is, if I add:

host all all 0.0.0.0/0 trust

...to the pg_hba.conf file on both servers will they communicate free of errors?

Perhaps this is not the best way to do it, but since this is for testing purposes perhaps solves my problem for now. Any better and safest solution please?

Thank you all

Regards

Paulo Matos

pmatos
  • 276
  • 4
  • 18
  • I would not leave a cloud server wide open like that even just for testing purposes. But anyway, what happened when you tried it? If it worked, then it worked. If it didn't, then you can tell us what error message you got. – jjanes Aug 18 '14 at 16:23
  • Thank you jjanes. Based on your answer, I will not even try it, but my problem is that one of the servers does not have a public static IP. The IP address for that server is achieved by dyndns.org and I do not know which ip address to put on the pg_hba.conf. The only static IP I have is for the Cloud server. – pmatos Aug 18 '14 at 18:22

1 Answers1

0

Since you do not have a static IP for the system connecting to the database, then you should use some method other than "trust". You can use md5, and put the password into a .pgpass file on the client.

You could put the client's host name, rather than IP address, in the 4th field. But that requires a reverse DNS to work correctly (I don't know if dyndns.org supports that) and I've found it overly fiddly and unreliable.

You probably also want to use SSL ("hostssl"). Using md5 will kind of protect your password, but an eavesdropper can still see all the queries you send and all the responses to them.

jjanes
  • 37,812
  • 5
  • 27
  • 34