Secure PostgreSQL Server on INTRANET?

I am writing client server Xojo app that I intend to use with PostgreSQL. It only needs to accessed inside the company which is only one building. To keep this simple I don’t want to have to write and manage any middleware

The Machine it self may need tp reside on may need to be reachable from outside the company, but the DB server should not be.

What is there a simple way to do this? I am not net knowledgeable.

Thanks,
-Karen

by default postgres server only allows the machine on which it is installed to access the databases.
for other machines, you have to edit the pg_hba_conf file

1 Like

I’m not clear on the architecture here. Do you mean to say that you will have…

  • An office machine with PostgreSQL.
  • An office machine hosting a Xojo server app (which you are writing).
  • Machines hosting a Xojo client app (which you are writing), which may reside in the office or on the Internet, and which require access to the Xojo server app but not direct access to the PostgreSQL database?

On top of pg_hba.conf changes, you should also make sure the firewall only accepts connections on 5432 from inside your network.

Yes…

[/quote]

  • An office machine hosting a Xojo server app (which you are writing).
    [/quote]

No

The Xojo clients need direct access as I am not writing middleware. Because the clients are using direct access to the DB, my thought is allowing offsite access would be a big security hole…

Ideally it would be nice if a few people could have clients at home, but I don’t think that is a must have… but if there is an easy ways to set that up that would be great. We don’t have an IT department and I don’t know net/web stuff.

I am not doing a web app because I don’t have a licence, don’t know Web 2 (or web tech)…I did little bit with web 1 about 10 years ago but that was when the RB Web objective was to be more like desktop.

-Karen

Thanks Thom. I’ll see if that is possible (IT situation here is unusual)

-Karen

you will have MUCH more control of anything in a desktop xojo app than in a web xojo app !

I know… and I greatly prefer Desktop app UI’s.

But besides not having the deployment issues of a desktop app, a web app would mean only the web app would need to access to the DB server.

That said, beside the better UI I am going with desktop because that is what i know best and already have a license for.

-Karen

-Karen

you can use ssh to connect to postgresql from within xojo desktop. no need to open port 5432. MBS has a plugin for ssh