| From: | Rasmus Mohr <rmo(at)Netpointers(dot)com> |
|---|---|
| To: | "'pgsql-admin(at)postgresql(dot)org'" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Permission on tables |
| Date: | 2002-04-29 07:30:15 |
| Message-ID: | 910513A5A944D5118BE900C04F67CB5A0BFD7D@MAIL |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Granting total access is generally a bad idea. It requires that your
PHP-scripts/modules (or whatever) checks every request that access your
database to ensure only valid/allowed queries are made.
The "permission denied" reply suggests an Apache configuration error, not a
PostgreSQL related error.
--------------------------------------------------------------
Rasmus T. Mohr Direct : +45 36 910 122
Application Developer Mobile : +45 28 731 827
Netpointers Intl. ApS Phone : +45 70 117 117
Vestergade 18 B Fax : +45 70 115 115
1456 Copenhagen K Email : mailto:rmo(at)netpointers(dot)com
Denmark Website : http://www.netpointers.com
"Remember that there are no bugs, only undocumented features."
--------------------------------------------------------------
> -----Original Message-----
> From: pgsql-admin-owner(at)postgresql(dot)org
> [mailto:pgsql-admin-owner(at)postgresql(dot)org]On Behalf Of Nick Fankhauser
> Sent: Friday, April 26, 2002 4:25 PM
> To: Steven Cuthbertson; pgsql-admin(at)postgresql(dot)org
> Subject: Re: [ADMIN] Permission on tables
>
>
>
> > grant ALL on mytable to PUBLIC;
> >
> > Q: Is this dangerous? What is encompassed by "ALL"? Read? Write?
>
> Sounds unwise to me, but I'm not a PHP-er.
>
> In the Tomcat/Apache world, I can tell you that we generally
> grant select on
> mytable to "www-data".
> "www-data is the user that Apache runs as by default. I'd
> suggest finding
> the Apache or PHP user & then granting only those privileges
> needed to only
> that user.
>
> Are you sure that you aren't just getting a more general
> rejection of your
> connection due to problem in pg_hba? You mention that the servers are
> separated. You could test the connectivity & authorization
> from X to Y by
> trying (from X) psql -hY
>
> regards,
>
> -Nick
>
> ---------------------------------------------------------------------
> Nick Fankhauser
>
> nickf(at)doxpop(dot)com Phone 1.765.965.7363 Fax 1.765.962.9788
> doxpop - Court records at your fingertips - http://www.doxpop.com/
>
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gaetano Mendola | 2002-04-29 11:05:34 | Re: RPMS |
| Previous Message | Jean-Michel POURE | 2002-04-28 16:09:18 | Re: RPMS |