• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Paul Clapham
  • Devaka Cooray
  • Bear Bibeault
Sheriffs:
  • Junilu Lacar
  • Knute Snortum
  • Liutauras Vilda
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Piet Souris
Bartenders:
  • salvin francis
  • Carey Brown
  • Frits Walraven

Redirect remote user IP to Database?

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I got Tomcat server and PostgreSQL database on this same server. Normally in logs and pg_stat_activity on database i have localhost IP.

Maybe this is strange question but is there a way to redirect remote user IP to Database?

For example i use Psi Probe to deploy Java Applications on Tomcat and there I got all sessions with proper remote IP clients.
 
Marshal
Posts: 4856
317
IntelliJ IDE Python Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I assume it's the application running on Tomcat that is communicating with the database? In that case it makes sense that your database activity log states the incoming connection as localhost, because that's exactly where it is coming from. Your Tomcat logs will record the incoming external IP address, so why do you want that information duplicated in your database logs? It would not be normal, and in my opinion no way desired, to 'spoof' the client IP of the incoming database connections.

Perhaps tell us why you want to do this?
 
Author
Posts: 119
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You mean simply getting the IP address of the end-user calling your application?

Check out: HttpServletRequest.getRemoteAddr()

But if you have a proxy in front of it, also check the headers: "X-FORWARDED-FOR" or "x-real-ip"....and then simply save the contents to the db.

does that help?
 
Rafał Kozyra
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I got Apache that redirect to Tomcat using HTTPS.

I just want that database create logs of SELECT, DELETE, UPDATES (changes in tables) with IP Address of remote user. Normally i could program this in my application but it would be much easier and faster using database.
 
Rafał Kozyra
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just want use for example database triggers to create logs of my application. But the problem is that i need some kind of identification (IP or user that make changes in database via application).
From yours answers i see that i will need do it my app.

Anyway thans for fast answers.
 
Saloon Keeper
Posts: 21944
149
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The SQL Slammer exploit that compromised many ATM (cashpoint) machines worked precisely because there was direct Internet access to the Microsoft SQL Server database. You should never give the Internet direct access to a database server.

If you write a web application in Java and do your database functions through that, you limit the amount of damage an intruder can do - at least if the app is well-written. The Tomcat server and database server don't have to be on the same machine, but the database server should not be visible on the general Internet, only on your local LAN.
 
Tim Cooke
Marshal
Posts: 4856
317
IntelliJ IDE Python Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can understand how it would be useful to have log information on who caused the action that resulted in a db call and I've worked with an application that logs just that kind of info.

As has been mentioned before, your Servlet application has the means to obtain the incoming IP address, and of course the currently logged in user (if you have registered users), so the solution we implemented was to have the DAO code log out the details of the request it was about to make to the database. Something like:

You get the idea?
 
Then YOU must do the pig's work! Read this tiny ad. READ IT!
ScroogeXHTML 8.7 - RTF to HTML5 and XHTML converter
https://coderanch.com/t/730700/ScroogeXHTML-RTF-HTML-XHTML-converter
    Bookmark Topic Watch Topic
  • New Topic