Wednesday, November 16, 2005

Locking down PostgreSQL

In a previous post I noted how to restrict access to a Tomcat installation so that it could only be accessed from the local machine. Here is a little tip for how to do the same thing for PostgreSQL. This increases the security of these applications, as you have to possess an account on the local machine to connect to the services.

The interfaces that PostgreSQL listens on are configured in a file called postgresql.conf, which is often located in /etc/postgresql/. To restrict connections to PostgreSQL, add the following line:

    virtual_host = ''

Then restart PostgreSQL:

    /etc/init.d/postgresql restart

You should then be able to check that PostgreSQL is only listening on the local interface with the command:

    # netstat -tln | grep 5432

which should give you:
tcp        0      0*               LISTEN
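
The netstat check above can be turned into a pass/fail test that also catches IPv6 and wildcard listeners. This is an added example, not part of the original post; the function name `check_pg_listeners` is hypothetical and the sample netstat lines are constructed.

```shell
#!/bin/sh
# Classify PostgreSQL listeners found in `netstat -tln` output (read on stdin).
# Optional argument: TCP port, default 5432.
# Exit status: 0 = loopback only, 1 = reachable from other hosts,
#              2 = no TCP listener on that port.
check_pg_listeners() {
    awk -v port="${1:-5432}" '
        $NF == "LISTEN" {
            local_addr = $4
            # Split address:port at the last colon so IPv6 forms like :::5432 work.
            n = match(local_addr, /:[0-9]+$/)
            if (n == 0 || substr(local_addr, n + 1) != port) next
            addr = substr(local_addr, 1, n - 1)
            found = 1
            if (addr ~ /^127\./ || addr == "::1") {
                print "ok      " local_addr
            } else {
                # 0.0.0.0, :: or a routable address: other hosts can connect.
                print "EXPOSED " local_addr
                exposed = 1
            }
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}

# Constructed sample outputs (not captured from a real host).
sample_local='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:5432                :::*                    LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

sample_open='tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN
tcp6       0      0 :::5432                 :::*                    LISTEN'

printf '%s\n' "$sample_local" | check_pg_listeners; echo "status: $?"
printf '%s\n' "$sample_open"  | check_pg_listeners; echo "status: $?"

# On a real host: netstat -tln | check_pg_listeners
```

On PostgreSQL 8.0 and later the listening interface is set with `listen_addresses`, which replaced `virtual_host`; the netstat check is the same either way.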

Monday, November 14, 2005

Events and WebServices

My notes from a very quick look at WS-Notifications / WS-Eventing. There are two specs for doing pretty much the same thing. You have something that produces events; for example, with a light switch, the events might be "light switched on" and "light switched off". With these specs, other systems like the coffee maker (consumers) can register with the producer to receive events when something happens. An example use might be that when the coffee machine starts up, it registers with the light switch to receive "on" events. Then, when the light switch is turned on, it sends an "on" event to the coffee machine so it brews some coffee.

The light switch and the coffee machine would have to agree on a message format, but the specs define how the registration works and what the outline of the events looks like. The producer looks after the list of consumers that want to be notified of events, and when registration happens the consumer tells the producer where events should be sent. Neither of these specs specifies anything about the contents of the notifications. They are similar to event listeners from the Java GUI world. Both the specs came out around 2004: