dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #28350
Re: Web GUI for Query Development
Here is an example of some pg_hba.conf settings with comments which people
might find useful. The database in this case is on a separate server. The
application server (with tomcat and all) is on a machine called appserver
on 192.168.1.102. Other machines we want to allow to connect from the
office are on the 192.168.2.0 subnet.
# do peer identification on unix domain (local) sockets
local all postgres peer
local all all peer
# you need the following if you have dhis running on same machine as
database server
# because its java it can't use the unix domain sockets above, so we allow
direct non-ssl
# connection through tcp socket with password
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# special treatment for our appserver - it is in the same cabinet as the db
server connected via local backplane so we allow
# non-ssl connection from this machine only which is something of a speed
vs security tradeoff
host all all 192.168.1.102/32 md5
# allow MOH lan to connect but must use ssl
hostssl all all 192.168.2.0/24 md5
# Only if you must - allow world to connect but definitely must use ssl
# I don't really like this, but frequently people want it because they want
to connect through various routes
# At the very least we insist on ssl
# hostssl all all 0.0.0.0/0 md5
# This would be better, using ssl client cert, effectively equivalent to
Jason's openvpn
# It has the same headache of managing the distribution of client certs
# hostssl all all 0.0.0.0/0 cert
Thats it. At least it reflects my understanding of postgres access
settings. Happy to accept improvements and/or clarifications.
Bob
On 4 March 2014 18:40, Jason Pickering <jason.p.pickering@xxxxxxxxx> wrote:
> We have used OpenVPN/IPSec to allow direct access to the database for
> those users who need it. Therefore users do not need shell access and
> strong certificates can be used. This was viewed as a lower security risk
> than having PHP on the server or by opening up the database itself
> directly. Might also be a route to consider.
>
> Regards,
> Jason
>
> --Sent from my mobile
> On Mar 4, 2014 8:02 PM, "Bob Jolliffe" <bobjolliffe@xxxxxxxxx> wrote:
>
>> yes people talk highly of phpPgAdmin. It has some small benefit over
>> pgadminIII that you don't have to explicitly open up your pg_hba.conf
>> settings to the full range of user/hosts which might connect.
>>
>> I guess it would be a simple enough app to embed phpPgAdmin into some
>> sort of iframe for integration with dhis ...
>>
>>
>> On 4 March 2014 16:16, Jason Pickering <jason.p.pickering@xxxxxxxxx>wrote:
>>
>>> Hi Greg,
>>> You may want to check out phpPgAdmin.
>>>
>>> PgAdminIII could also of course be used by directly connecting to the
>>> database with an ODBC connection.
>>>
>>> Regards,
>>> Jason
>>>
>>> --Sent from my mobile
>>> On Mar 4, 2014 12:26 PM, "Greg Rowles" <greg.rowles@xxxxxxxxx> wrote:
>>>
>>>> Hi Devs
>>>>
>>>> Is anyone aware of a web-based query gui-toolset? We have an 'IE'
>>>> designed tool here:
>>>>
>>>> http://hispsa.org/staging_timesheets/tablerels/viewtables.asp
>>>>
>>>> It only works on IE (sometimes) but at least allows users to see table
>>>> designs and edit SQL syntax. We're looking at something that we can plug-in
>>>> ontop of DHIS2 for our advanced users...
>>>>
>>>> Any responses will be appreciated...
>>>>
>>>> Thanks,
>>>> Greg
>>>> --
>>>>
>>>> Business Intelligence Planner
>>>> *Health Information Systems Programme*
>>>> *- - - - - - - **- - - - - - - **- - - - - - - **- - - - - - - **- - -
>>>> - - *
>>>> Mobile : 073 246 2992
>>>> Landline: 021 554 3130
>>>> Fax: 086 733 8432
>>>> Skype: gregory_rowles
>>>>
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~dhis2-devs
>>>> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~dhis2-devs
>>>> More help : https://help.launchpad.net/ListHelp
>>>>
>>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~dhis2-devs
>>> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~dhis2-devs
>>> More help : https://help.launchpad.net/ListHelp
>>>
>>>
>>
Follow ups
References