Secure PostgreSQL Server on INTRANET?

KarenA · November 15, 2021, 7:21pm

I am writing client server Xojo app that I intend to use with PostgreSQL. It only needs to accessed inside the company which is only one building. To keep this simple I don’t want to have to write and manage any middleware

The Machine it self may need tp reside on may need to be reachable from outside the company, but the DB server should not be.

What is there a simple way to do this? I am not net knowledgeable.

Thanks,
-Karen

Jean-Yves_Pochez · November 15, 2021, 8:22pm

by default postgres server only allows the machine on which it is installed to access the databases.
for other machines, you have to edit the pg_hba_conf file

MarkusR · November 16, 2021, 7:00am

Daniel_Taylor · November 16, 2021, 7:15am

I’m not clear on the architecture here. Do you mean to say that you will have…

An office machine with PostgreSQL.
An office machine hosting a Xojo server app (which you are writing).
Machines hosting a Xojo client app (which you are writing), which may reside in the office or on the Internet, and which require access to the Xojo server app but not direct access to the PostgreSQL database?

Thom_McGrath · November 16, 2021, 7:55am

On top of pg_hba.conf changes, you should also make sure the firewall only accepts connections on 5432 from inside your network.

KarenA · November 16, 2021, 1:20pm

Yes…

[/quote]

An office machine hosting a Xojo server app (which you are writing).
[/quote]

No

The Xojo clients need direct access as I am not writing middleware. Because the clients are using direct access to the DB, my thought is allowing offsite access would be a big security hole…

Ideally it would be nice if a few people could have clients at home, but I don’t think that is a must have… but if there is an easy ways to set that up that would be great. We don’t have an IT department and I don’t know net/web stuff.

I am not doing a web app because I don’t have a licence, don’t know Web 2 (or web tech)…I did little bit with web 1 about 10 years ago but that was when the RB Web objective was to be more like desktop.

-Karen

KarenA · November 16, 2021, 1:22pm

Thanks Thom. I’ll see if that is possible (IT situation here is unusual)

-Karen

Jean-Yves_Pochez · November 16, 2021, 5:53pm

you will have MUCH more control of anything in a desktop xojo app than in a web xojo app !

KarenA · November 16, 2021, 6:35pm

I know… and I greatly prefer Desktop app UI’s.

But besides not having the deployment issues of a desktop app, a web app would mean only the web app would need to access to the DB server.

That said, beside the better UI I am going with desktop because that is what i know best and already have a license for.

-Karen

nicolás_canessa · November 17, 2021, 12:00am

you can use ssh to connect to postgresql from within xojo desktop. no need to open port 5432. MBS has a plugin for ssh