Can ActiveRecord connect to PostgreSQL remotely and protect the DB password?

前端 未结 3 929
粉色の甜心
粉色の甜心 2021-02-06 16:51

I have a PostgreSQL DB on a remote VPS server (CentOS 5) and I\'d like to connect to have a Rails application connect to it from my local Mac laptop. On my laptop, I have the Ac

相关标签:
3条回答
  • 2021-02-06 17:15

    Regardless of whether Postgres allows this functionality, you can enable a secure connection to a remote database by using SSH tunneling. Here's the gratuitous Stack Overflow paste-in from the Web docs:

    First make sure that an SSH server is running properly on the same machine as the PostgreSQL server and that you can log in using ssh as some user. Then you can establish a secure tunnel with a command like this from the client machine:

    ssh -L 3333:foo.com:5432 joe@foo.com The first number in the -L argument, 3333, is the port number of your end of the tunnel; it can be chosen freely. The second number, 5432, is the remote end of the tunnel: the port number your server is using. The name or IP address between the port numbers is the host with the database server you are going to connect to. In order to connect to the database server using this tunnel, you connect to port 3333 on the local machine:

    psql -h localhost -p 3333 postgres To the database server it will then look as though you are really user joe@foo.com and it will use whatever authentication procedure was configured for connections from this user and host. Note that the server will not think the connection is SSL-encrypted, since in fact it is not encrypted between the SSH server and the PostgreSQL server. This should not pose any extra security risk as long as they are on the same machine.

    In case you want more, you can find it online by searching for "SSL tunnel" or "postgres SSL tunnel". Here's the Postgres site where I got the above:

    http://www.postgresql.org/docs/current/static/ssh-tunnels.html

    To summarize for Rails, you would then do the following:

    1) In a terminal window, run the first ssh command above to establish the tunnel.

    2) Set your database props like so:

    development:
      adapter: postgresql
      database: journalapp_development
      username: xxx
      password: yyy
      host: localhost
      port: 3333
    
    0 讨论(0)
  • 2021-02-06 17:17

    If you connect to a PostgreSQL server over insecure channel you need to encrypt your communication with SSL or (as runako has explained) SSH Tunneling.

    0 讨论(0)
  • 2021-02-06 17:26

    I had a look online and there doesn't seem to be an option for what you're looking for and in fact the client library, libpq doesn't mention this either.

    My guess is that this is negotiated on your behalf within libpq. In any case, md5 is likely to be the default authentication method.

    0 讨论(0)
提交回复
热议问题