
Re: hacker help: PHP-4.2.3 patch to allow restriction of database access

From: Jim Mercer <jim(at)reptiles(dot)org>
To: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: hacker help: PHP-4.2.3 patch to allow restriction of database access
Date: 2002-09-27 01:49:54
Message-ID: 20020927014954.GA52451@reptiles.org
Lists: pgsql-hackers

On Fri, Sep 27, 2002 at 11:15:35AM +1000, Gavin Sherry wrote:
> On Thu, 26 Sep 2002, Jim Mercer wrote:
> > > I would think so, and IMHO, that's where pgsql access control
> > > belongs, with pgsql.
> 
> I totally disagree. It is a language level restriction, not a database
> level one, so why back it into Postgres? Just parse 'conninfo' when it is 
> pg_(p)connect() and check it against the configuration setting.

which is effectively what my code does, except i was lazy, and i let the
connection proceed, then check if PQdb() is in the auth list, and fail
if it isn't.  (i figured that way if there was any silliness in the conninfo
string, PQconnect would figure it out).

> The patch seems fine. I am unsure as to how useful it is.
> 
> system("/usr/local/pgsql/bin/psql -U jim -c \"select 'i got in';\" template1");

that wouldn't work so well in safe_mode.  which is the area i'm playing with.

maybe not _totally_ secure, but much more so than nothing.

and restricting virtual hosts to their own data sets relieves me of worry
about "GRANT all ON blah TO public;".

-- 
[ Jim Mercer        jim(at)reptiles(dot)org         +1 416 410-5633 ]
[          I want to live forever, or die trying.            ]
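
The pre-connect check suggested in the quoted reply (parse conninfo, then compare the database name against the configured list), as an added C example that is not part of the original message or of the patch under discussion. The function names and the `ALLOWED` list are hypothetical, the parser is a simplified re-implementation of libpq's keyword=value syntax, and it assumes libpq lets a later keyword override an earlier one.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static const char *const ALLOWED[] = { "vhost_a", "vhost_b", NULL }; /* constructed */

/* Effective dbname of a keyword=value conninfo string; the last dbname wins.
 * Returns 1 if found, 0 if absent, -1 if malformed or oversized. */
int conninfo_dbname(const char *p, char *out, size_t n)
{
    int found = 0;
    for (;;) {
        char key[32], val[128];
        size_t k = 0, v = 0;
        while (isspace((unsigned char)*p)) p++;
        if (!*p) return found;
        for (; *p && *p != '=' && !isspace((unsigned char)*p); p++)
            if (k + 1 < sizeof key) key[k++] = *p;
        key[k] = '\0';
        while (isspace((unsigned char)*p)) p++;
        if (*p++ != '=') return -1;              /* keyword without '=' */
        while (isspace((unsigned char)*p)) p++;
        int quoted = (*p == '\'');
        if (quoted) p++;
        while (*p && (quoted ? *p != '\'' : !isspace((unsigned char)*p))) {
            if (*p == '\\' && p[1]) p++;         /* backslash escapes next char */
            if (v + 1 >= sizeof val || v + 1 >= n) return -1;
            val[v++] = *p++;
        }
        val[v] = '\0';
        if (quoted && *p++ != '\'') return -1;   /* unterminated quote */
        if (strcmp(key, "dbname") == 0) { memcpy(out, val, v + 1); found = 1; }
    }
}

/* Fail closed: parse errors and a missing or empty dbname are refused,
 * since libpq would otherwise fall back to a default database name. */
int db_allowed(const char *conninfo, const char *const *list)
{
    char db[128];
    if (conninfo_dbname(conninfo, db, sizeof db) != 1 || !db[0]) return 0;
    for (; *list; list++) if (strcmp(*list, db) == 0) return 1;
    return 0;
}

int main(void)
{
    puts(db_allowed("dbname=vhost_a dbname=template1", ALLOWED) ? "allow" : "deny");
    return 0;
}
```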
