| From: | Rob Hoopman <uithuis(at)dds(dot)nl> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PostgreSQL security concerns |
| Date: | 2001-06-01 06:39:06 |
| Message-ID: | 3B17388A.8020309@dds.nl |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Peter Eisentraut wrote:
>Ken Causey writes:
>
>>The situation is that of a shared webserver and a shared SQL server.
>>Access to the SQL server is limited to the webserver already. Users can
>>only run CGI scripts which will of course execute as the webserver user.
>>What I'm looking for is restricting access by postgresql user. All logins
>>will be coming from the same host and same host user. I don't
>>see this capability as part of pg_hba.conf. Did I miss it?
>>
>
>You need to configure the pg_hba.conf entries so they only succeed for
>particular users. If the web server and the database server run on the
>same host then it might be easiest to connect through Unix domain sockets
>and restrict access by using the file permission bits.
>
Besides that you can add all the users you need to pg_hba.conf and do
the required grants to establish the proper permissions.
And setup your script to connect using the proper username in the
connection string.
Or am I missing the point here?
Rob
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rick Saunders | 2001-06-01 07:26:06 | Something odd with Postgresql 6.5 |
| Previous Message | Philip Hallstrom | 2001-06-01 02:05:19 | Re: dumping strategy |