I'm trying to give an external program access to my postgres database, but I'm throwing the following error:
SQL problems: Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
I know that I need to add my IP address (or '*' for all addresses) to the listen_addresses parameter in the postgresql.conf file, but I'm not sure how to do that in PythonAnywhere... Any suggestions?
I can connect to the database in pgadmin using SSH, but that doesn't help me in this specific case. I really just need to be able to add addresses to the conf file. Is that possible in PA?
Hmm, good question. Right now I think that even if you could add the addresses to the conf file, you'd not be able to get in -- our firewall would block incoming Postgres connections, and the IP address that it [edit: your Postgres hostname] resolves to is internal to our network.
I think you could work around this by setting up an SSH tunnel running in a PythonAnywhere console, but console programs aren't guaranteed to keep running forever, so that might not work for your external program.
Sorting out external access to our Postgres databases would be tricky, and it's not something we could get working very quickly. What are you planning to use it for? Perhaps there's a workaround for your specific use case. I see you also sent us an email via the "Send feedback" link about this, so if you'd rather keep the details private then we can discuss over email.
I'm filling out some security documentation for my website on PA, which uses Postgres. Is it still the case that my Postgres instance on PA will refuse any incoming connection that isn't coming from my PA app? As in, without an SSH tunnel etc. it is not possible for any other machine to connect to my Postgres server? (This is what I want.)
Follow-up: is that connection between Postgres and my PythonAnywhere app encrypted? Such as by "setting ssl parameter to "on" in postgresql.conf".
Your Postgres instance cannot be accessed by hosts on the public Internet, but it could in theory be accessed by someone logged in to another PythonAnywhere account if they had access to the password and the hostname/port combination.
It looks like connections to Postgres databases are not currently encrypted. That's something we should change, I think, but I also don't think it's a risk right now -- it's just something we should fix for the sake of completeness. The reason I don't think it's currently a serious issue is that users on PythonAnywhere servers do not have the necessary permissions to sniff network traffic, and the connections are made entirely within our private network.
All that said, I've made sure that providing encrypted connections to Postgres within our network is in our issue tracker with a high priority, because encrypting everything, even within our network, is definitely best practice.
I agree, thanks!
giles
|
12074
posts
|
PythonAnywhere staff
|
jgiuffrida
|
13
posts
|
