TubeSock

Security

Databases – Practical PostgreSQL – The pg_hba.conf file

Databases – Practical PostgreSQL – The pg_hba.conf file

Source: Databases – Practical PostgreSQL – The pg_hba.conf file

I recently had a job to do in which I was required to connect to a Postgresql server and run some queries to find some critical data for the team. I wasn’t provided with a logon or any other information about the tables or schema.

Well thank goodness for my old friend google or I wouldn’t have stood a chance against this problem.

What I learned is that without some modifications to a conf file, you will never, ever connect to a database remotely. You may have success connecting from the command line and might be wondering why you can login to the postgres console, but the exact same creds are failing constantly when trying to connect any other way.

Turns out remote connections require the connection mode to be set to ident or trust to either identify or allow the connection based on the user connection manner and credentials used. Without this knowledge you can easily spend a lot of time troubleshooting something that is actually very straight forward.

I didn’t completely understand the issue until I actually setup and installed Postgresql for myself on my vmware homelab.

These two sources were indispensable in my training:

Digital Ocean:

https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-on-centos-7

https://www.digitalocean.com/community/tutorials/how-to-use-roles-and-manage-grant-permissions-in-postgresql-on-a-vps–2

Godaddy

https://www.godaddy.com/garage/tech/config/how-to-install-postgresql-on-centos-7/

Once I actually set everything up for myself the first it all made a lot more sense. I was able to try all the different scenarios without the fear of breaking production. All in all this was a great learning experience.

These articles are for setting up Postgresql on Centos 7 but there are many other articles out there with similar information for debian or earlier releases.

So get up in them guts and have a poke. I hope you go mildly insane with your new found sql query power.

Categories: Computers, Management, Personal Development, Programming, Security, Technology

Blow my mind

How did the NSA hack our emails?

Yeah… ya know… modular arithmetic.

Well it was in NIST white papers all along, how did you miss it?

NIST.Gov is a really good read. If you read it more you would have known how easy it was to read everyone’s email wouldn’t you?

What else are we missing under our noses? I’ll read Nist now and let you know.

Categories: Computers, Cryptography, Math, Security

Blow my mind

The dark side of the web — exploring darknets | Kyle Terry | TEDxSalem

Apparently 99% of the internet is darkweb filth. (If you need to ask then no explanation will suffice)

I’m not a particularly judgmental person and think to each his own especially when it comes to one’s leisure activities. But if you’re not alarmed when you encounter the dark web there’s something really wrong with and you need to seek professional help. Seriously, if you think it’s just funny, stop reading and go tell your doctor.

When Tim Berners-Lee invented the web (sorry Al Gore, I know you’re pretty important too) he wanted the greatest minds on the planet to document, collaborate and share. He wanted to cure diseases and discover alternate sources of energy. It’s unfortunate that the power of computer networks has been corrupted by the world’s most evil people and organizations.

The implication is that now everyone is being spied on constantly by the NSA, CSIS and God knows who else. If you haven’t been paying attention, too bad, too late, you said you’re ok with it and gave away your rights without even know it happened.

There’s a lot of reasons your government would want to know what you’re thinking. Chances are you wouldn’t want anyone knowing what you’re doing on the internet (the internet is 80% porn). If you’re generally uneducated on the topic, and a racist who lives in constant fear of terror attacks then you might be motivated to say go right ahead and spy on me please. (maybe?)

The funny thing is, the world’s evil doers don’t even use the regular public internet connections we use that get spied on (obviously). In fact, they use the highly encrypted and untraceable deep web technology that our own government developed, then released to the public. (true story)

As I said, this is not intended to be political, but I say we take the internet back by filling it with the best concepts and ideas we have to offer. It’s unfortunate but in some cases where free speech and human rights are not granted freely that means using anonymity and there are a lot of reasons why anonymizing technology can be used for good.

In order to empower our democratic process the population can’t be spied on and treated like criminals.

I urge everyone to find out what this means. Learn about net neutrality and modular math to know how to be a safe and responsible internet citizen.

I’m just new to this and learning but would love to learn more. Please leave a comment about other important information that should be public knowledge. Let’s play safe and keep each other from getting hurt.

Please don’t send me to irc rooms. 🙂

Categories: Computers, Linguistics, Philosophy, Privacy, Security

Blow my mind