Re: [ADMIN] Security for web server access?

From: jwieck(at)debis(dot)com (Jan Wieck)
To: Charles(dot)Gilley(at)glenayre(dot)com (Gilley, Charles H(dot))
Cc: pgsql-admin(at)postgreSQL(dot)org
Subject: Re: [ADMIN] Security for web server access?
Date: 1998-10-28 19:39:27
Message-ID: m0zYbRH-000EBPC@orion.SAPserv.Hamburg.dsh.de
Lists: pgsql-admin

>
> I have a working understanding of the use of pg_hba.conf now and can access
> my database from a variety of user accounts. I'm using host based access
> and the password mechanism. My question is about server access.
> Generally, a web server is running under process Nobody and it is usually
> local to the database. Any opinions about letting the local flag pick up
> the security?
>
> Any thoughts as to protection schemes for web databases? I'm interested in
> any thoughts regarding priv's on a table basis.

You could use pg_ident.conf to allow the web server to
connect as other Postgres users too. The Postgres usernames
could be the same as the ones they authenticate to the web
server and every CGI knows that from the environment. Setting
the PGUSER environment variable to that before connecting
will do it.

Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#======================================== jwieck(at)debis(dot)com (Jan Wieck) #
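
The approach described in the reply above, as an added example that is not part of the original message: a shell CGI takes the authenticated name from `REMOTE_USER`, checks it, and exports it as `PGUSER` before connecting. The config lines in the header comment assume modern PostgreSQL `peer`/`map=` syntax; `webdb`, `webmap`, `alice`, `bob` and both function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed server-side config
# (modern PostgreSQL syntax; webdb, webmap, alice, bob are constructed names):
#
#   pg_hba.conf:    local  webdb  all  peer map=webmap
#   pg_ident.conf:  webmap  nobody  alice
#                   webmap  nobody  bob
#
# "nobody" is the OS account the web server runs as.

# Print the Postgres role for a web login name, or fail with status 1 if the
# name must not be used as PGUSER. Runs in a subshell so LC_ALL stays local.
pguser_from_remote_user() (
    LC_ALL=C                            # make [a-z] mean ASCII only
    name=$1
    [ -n "$name" ] || exit 1            # request was not authenticated
    [ "${#name}" -le 63 ] || exit 1     # PostgreSQL identifier length limit
    case $name in
        *[!a-z0-9_]*) exit 1 ;;         # anything outside the allowlist
        [a-z]*) ;;                      # must start with a letter
        *) exit 1 ;;
    esac
    case $name in
        postgres|pg_*) exit 1 ;;        # never hand out admin/built-in roles
    esac
    printf '%s\n' "$name"
)

# Hypothetical CGI body: connect as the authenticated web user.
run_query_as_web_user() {
    PGUSER=$(pguser_from_remote_user "${REMOTE_USER:-}") || {
        printf 'Status: 403 Forbidden\r\n\r\n'
        return 1
    }
    export PGUSER
    printf 'Content-Type: text/plain\r\n\r\n'
    psql -d webdb -At -c 'SELECT current_user'
}
```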
