• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Knute Snortum
  • Bear Bibeault
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Frits Walraven
  • Carey Brown
  • Tim Holloway

Redirect remote user IP to Database?

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I got Tomcat server and PostgreSQL database on this same server. Normally in logs and pg_stat_activity on database i have localhost IP.

Maybe this is strange question but is there a way to redirect remote user IP to Database?

For example i use Psi Probe to deploy Java Applications on Tomcat and there I got all sessions with proper remote IP clients.
 
Sheriff
Posts: 4633
300
IntelliJ IDE Clojure Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I assume it's the application running on Tomcat that is communicating with the database? In that case it makes sense that your database activity log states the incoming connection as localhost, because that's exactly where it is coming from. Your Tomcat logs will record the incoming external IP address, so why do you want that information duplicated in your database logs? It would not be normal, and in my opinion no way desired, to 'spoof' the client IP of the incoming database connections.

Perhaps tell us why you want to do this?
 
Author
Posts: 109
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You mean simply getting the IP address of the end-user calling your application?

Check out: HttpServletRequest.getRemoteAddr()

But if you have a proxy in front of it, also check the headers: "X-FORWARDED-FOR" or "x-real-ip"....and then simply save the contents to the db.

does that help?
 
Rafał Kozyra
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I got Apache that redirect to Tomcat using HTTPS.

I just want that database create logs of SELECT, DELETE, UPDATES (changes in tables) with IP Address of remote user. Normally i could program this in my application but it would be much easier and faster using database.
 
Rafał Kozyra
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just want use for example database triggers to create logs of my application. But the problem is that i need some kind of identification (IP or user that make changes in database via application).
From yours answers i see that i will need do it my app.

Anyway thans for fast answers.
 
Bartender
Posts: 20842
125
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The SQL Slammer exploit that compromised many ATM (cashpoint) machines worked precisely because there was direct Internet access to the Microsoft SQL Server database. You should never give the Internet direct access to a database server.

If you write a web application in Java and do your database functions through that, you limit the amount of damage an intruder can do - at least if the app is well-written. The Tomcat server and database server don't have to be on the same machine, but the database server should not be visible on the general Internet, only on your local LAN.
 
Tim Cooke
Sheriff
Posts: 4633
300
IntelliJ IDE Clojure Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can understand how it would be useful to have log information on who caused the action that resulted in a db call and I've worked with an application that logs just that kind of info.

As has been mentioned before, your Servlet application has the means to obtain the incoming IP address, and of course the currently logged in user (if you have registered users), so the solution we implemented was to have the DAO code log out the details of the request it was about to make to the database. Something like:

You get the idea?
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!