I have a PostgreSQL DB on a remote VPS server (CentOS 5) and I'd like to connect to have a Rails application connect to it from my local Mac laptop. On my laptop, I have the ActiveRecord PostgreSQL adapter installed -- postgres (0.7.9.2008.01.28)
.
I read in the PostgreSQL docs:
The password-based authentication methods are md5, crypt, and password. These methods operate similarly except for the way that the password is sent across the connection: respectively, MD5-hashed, crypt-encrypted, and clear-text.
[...]
If you are at all concerned about password "sniffing" attacks then md5 is preferred...Plain password should be avoided especially for connections over the open Internet (unless you use SSL, SSH, or another communications security wrapper around the connection).
In a standard Rails database.yml
would have something like this for a localhost connection...
development:
adapter: postgresql
database: journalapp_development
username: xxx
password: yyy
host: localhost
But there's nothing in there about the authentication method discussed in the PostgreSQL docs. Is there as option to have something like "auth_method: md5
"?
Regardless of whether Postgres allows this functionality, you can enable a secure connection to a remote database by using SSH tunneling. Here's the gratuitous Stack Overflow paste-in from the Web docs:
First make sure that an SSH server is running properly on the same machine as the PostgreSQL server and that you can log in using ssh as some user. Then you can establish a secure tunnel with a command like this from the client machine:
ssh -L 3333:foo.com:5432 [email protected] The first number in the -L argument, 3333, is the port number of your end of the tunnel; it can be chosen freely. The second number, 5432, is the remote end of the tunnel: the port number your server is using. The name or IP address between the port numbers is the host with the database server you are going to connect to. In order to connect to the database server using this tunnel, you connect to port 3333 on the local machine:
psql -h localhost -p 3333 postgres To the database server it will then look as though you are really user [email protected] and it will use whatever authentication procedure was configured for connections from this user and host. Note that the server will not think the connection is SSL-encrypted, since in fact it is not encrypted between the SSH server and the PostgreSQL server. This should not pose any extra security risk as long as they are on the same machine.
In case you want more, you can find it online by searching for "SSL tunnel" or "postgres SSL tunnel". Here's the Postgres site where I got the above:
http://www.postgresql.org/docs/current/static/ssh-tunnels.html
To summarize for Rails, you would then do the following:
1) In a terminal window, run the first ssh command above to establish the tunnel.
2) Set your database props like so:
development:
adapter: postgresql
database: journalapp_development
username: xxx
password: yyy
host: localhost
port: 3333
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With