Postgresql – How does postgres host based authentication work

pg-hba.confpostgresql

This is a duplicate of: https://stackoverflow.com/questions/55804806/how-does-postgres-host-based-authentication-work

(I was asked to shift this query to DBA.Stackexchange)

I am installing DSPACE which needs Postgresql.

Please see this link: DSPACE INSTALL

It says:

Then tighten up security a bit by editing pg_hba.conf and adding this line:
host dspace dspace 127.0.0.1 255.255.255.255 md5. 

I have read on the internet as to how the above line works. It needs a connection type followed by database name/user name followed by IP address and the authentication scheme.

My query is: Should this not be a local (in place of host) connection since the dspace user is running locally?

Can someone show me step by step as to what happens when a request comes in?
Where are the instructions that the dspace user will submit a request using md5?

Best Answer

A local connection uses a Unix-domain socket; a host connection uses TCP. The linked page says that

you need to enable TCP/IP connections (DSpace uses JDBC)

… because JDBC does not have built-in support for Unix-domain sockets.

As long as a connection is allowed only from localhost (as configured in pg_hba.conf) and only to localhost (as configued by listen_addresses), it is as secure as a local connection.

The md5 is just an option that specifies how the password is to be encrypted during the connection setup; this is handled automatically by the JDBC driver. For a local connection, or for a connection over SSL, this does not really matter.

Best Answer

Related Solutions

Postgresql – Howto disable Postgres listening on TCP

Postgresql – a local replication entry doesn’t work

Related Question