| From: | Ken Causey <ken(at)ineffable(dot)com> |
|---|---|
| To: | "Ian Harding" <ianh(at)co(dot)pierce(dot)wa(dot)us> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PostgreSQL security concerns |
| Date: | 2001-05-31 15:33:44 |
| Message-ID: | 3.0.1.32.20010531103344.0168f98c@pop3.premiernet.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
OK, I am aware of this file. I need to provide a little more detail.
The situation is that of a shared webserver and a shared SQL server.
Access to the SQL server is limited to the webserver already. Users can
only run CGI scripts which will of course execute as the webserver user.
What I'm looking for is restricting access by postgresql user. All logins
will be coming from the same host and same host user. I don't
see this capability as part of pg_hba.conf. Did I miss it?
Ken Causey
At 07:41 AM 5/31/01 -0700, you wrote:
>RTFM re: pg_hba.conf.
>
<snip some good stuff>
>Ian A. Harding
>Programmer/Analyst II
>Tacoma-Pierce County Health Department
>(253) 798-3549
>mailto: ianh(at)tpchd(dot)org
>
>>>> Ken Causey <ken(at)ineffable(dot)com> 05/31/01 07:34AM >>>
>I've been using PostgreSQL in a limited environment for a couple of years
>now. I'm in a position where I will soon need to be able to allow
>multi-user access. I'm concerned that, as far as I can tell, any user can
>access any database with impunity. Is this correct? Have I missed some
>configuration?
>
>Ken Causey
>
>P.S. I'm not currently on this list, so please reply to me directly.
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephan Szabo | 2001-05-31 15:33:48 | Re: table inheritance |
| Previous Message | S R | 2001-05-31 14:48:06 | One question about postgresql |