Restricting client access to the PostgreSQL database

By default, PostgreSQL is configured to allow encrypted and non-encrypted communications from any other computer. To increase security, you can restrict access to encrypted connections only and a subset of specific IP addresses.

You can change the connection settings to restrict client access from the following locations:

  • pg_hba.conf configuration file
  • pgAdmin

Restrict client access using the configuration file

  1. Stop the AX_Database service.
  2. From the pgsql96\data sub-folder of the PostgreSQL installation, open the pg_hba.conf configuration file in a text editor.
  3. At the bottom of the configuration file, update the permitted connections.

    For more information, see the PostgreSQL documentation.

    Tip

    To require SSL connections, change the first value in the default setting from host to hostssl.

  4. Save the changes to the configuration file and start the AX_Database service.

Restrict client access using pgAdmin

  1. Stop the AX_Database service and open pgAdmin.
  2. From the menu, select File > Open pg_hba.conf.

    The default file location is c:\ACL\App\pgsql96\data.

  3. In the Backend Access Configuration Editor dialog box, select the entry you want to change.
  4. In the Client Access Configuration dialog box, enter the following information:
    • Enabled select this setting
    • Type to restrict connections to SSL encryption only, select hostssl
    • Database select all
    • User select all
    • IP Address enter the IP address or the range of IP addresses you want to allow connections from
    • Method select md5
  5. Click OK and in the Backend Access Configuration Editor dialog box, click File > Save.
  6. Start the AX_Database service.