From: | "Craig Orsinger" <orsingerc(at)epg(dot)lewis(dot)army_mil(dot)invalid> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: PostgreSQL security concerns |
Date: | 2001-06-01 01:18:53 |
Message-ID: | 20010531.181843.1096689772.16364@epg.lewis.army_mil.invalid |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
In article <3(dot)0(dot)1(dot)32(dot)20010531103344(dot)0168f98c(at)pop3(dot)premiernet(dot)net>, "Ken
Causey" <ken(at)ineffable(dot)com> wrote:
> OK, I am aware of this file. I need to provide a little more detail.
>
> The situation is that of a shared webserver and a shared SQL server.
> Access to the SQL server is limited to the webserver already. Users can
> only run CGI scripts which will of course execute as the webserver user.
> What I'm looking for is restricting access by postgresql user. All
> logins will be coming from the same host and same host user. I don't
> see this capability as part of pg_hba.conf. Did I miss it?
You can restrict access on a table-by-table basis using the SQL
GRANT command. For instance, for web access using Apache server
side includes, the user nobody must have the appropriate access. I
allow web users to read a database but not change it, so for any table
a web user might need to read I run the command:
GRANT SELECT ON <table name> TO nobody ;
Of course, for this to work the user 'nobody' must be already a
PostgreSQL user. BTW, the opposite of GRANT is REVOKE, which
you can use to revoke a database privilege for a PostgreSQL user.
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Davies | 2001-06-01 01:21:31 | Disconnecting users for backup etc |
Previous Message | Tom Lane | 2001-06-01 00:58:34 | Re: [HACKERS] extra syntax on INSERT |