From: | Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> |
---|---|
To: | Jim Mercer <jim(at)reptiles(dot)org> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: hacker help: PHP-4.2.3 patch to allow restriction of |
Date: | 2002-09-27 02:06:43 |
Message-ID: | Pine.LNX.4.21.0209271202580.5257-100000@linuxworld.com.au |
Lists: | pgsql-hackers |
On Thu, 26 Sep 2002, Jim Mercer wrote:
> On Fri, Sep 27, 2002 at 11:15:35AM +1000, Gavin Sherry wrote:
> > On Thu, 26 Sep 2002, Jim Mercer wrote:
> > > > I would think so, and IMHO, that's where pgsql access control
> > > > belongs, with pgsql.
> >
> > I totally disagree. It is a language level restriction, not a database
> > level one, so why back it into Postgres? Just parse 'conninfo' when it is
> > pg_(p)connect() and check it against the configuration setting.
>
> which is effectively what my code does, except i was lazy, and i let the
> connection proceed, then check if PQdb() is in the auth list, and fail

Ahh yes. I meant to say this. No point being lazy when it comes to
security.

> maybe not _totally_ secure, but much moreso than nothing.
>
I was basically just suggesting that its effect needs to be
documented. "This needs to be used in conjunction with other forms of
security...."

Gavin
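
Added example, not part of this thread or of the PHP patch it discusses: one way to do the check before connecting, by parsing the dbname out of the conninfo string and comparing it with an allow list instead of connecting first and then testing PQdb(). The function names, the allow list and the sample conninfo string are hypothetical; the parser is a simplified reading of the classic keyword=value form only (quoted values, backslash escapes) and refuses a missing or repeated dbname, since libpq would otherwise fall back to a default database (PGDATABASE or the user name).

```c
#include <ctype.h>
#include <string.h>
#define SP(c) isspace((unsigned char)(c))

/* Copy the dbname value of a keyword=value conninfo string into out.
 * Returns 1 for exactly one non-empty dbname; 0 if absent, repeated or malformed. */
static int conninfo_dbname(const char *s, char *out, size_t outlen)
{
    int found = 0;
    for (;;) {
        char val[128];
        size_t v = 0;
        while (SP(*s)) s++;
        if (*s == '\0') return found;
        const char *key = s;
        while (*s && *s != '=' && !SP(*s)) s++;
        int is_db = (s - key == 6 && memcmp(key, "dbname", 6) == 0);
        while (SP(*s)) s++;
        if (*s++ != '=') return 0;                 /* keyword without '=' */
        while (SP(*s)) s++;
        int quoted = (*s == '\'');
        s += quoted;
        while (*s && !(quoted ? *s == '\'' : SP(*s))) {
            if (*s == '\\' && s[1] != '\0') s++;   /* backslash escapes next char */
            if (v + 1 >= sizeof val) return 0;     /* oversized value: refuse */
            val[v++] = *s++;
        }
        if (quoted && *s++ != '\'') return 0;      /* unterminated quote */
        val[v] = '\0';
        if (!is_db) continue;
        if (found++ || v == 0 || v >= outlen) return 0;  /* repeated, empty, too long */
        memcpy(out, val, v + 1);
    }
}

/* Pre-connect check: 1 only for an explicit dbname that is on the allow list. */
static int db_allowed(const char *conninfo, const char *const *allow, size_t n)
{
    char db[128];
    if (!conninfo_dbname(conninfo, db, sizeof db)) return 0;
    for (size_t i = 0; i < n; i++)
        if (strcmp(db, allow[i]) == 0) return 1;
    return 0;
}

int main(void)
{
    const char *const allow[] = { "webapp" };      /* constructed allow list */
    return !db_allowed("host=db1 dbname=webapp user=www", allow, 1);
}
```
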