Skip site navigation (1) Skip section navigation (2)

Re: PostgreSQL security concerns

From: Ken Causey <ken(at)ineffable(dot)com>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: PostgreSQL security concerns
Date: 2001-05-31 21:24:41
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-general
There are 2 different server systems, so IP sockets are being used.  But,
the only user processes on the webserver are CGI process which all run as
the same user, the web server user (nobody).  Even at that, my point is
that I need to be able to setup databases for specific users which they can
get into, but not allow them to get into other user's databases.  As far as
I can tell, any user settings in pg_hba.conf would apply to the ident user,
which will always be 'nobody'.  The only solution is to have permissions
based on the postgresql user, and I can't find anyway to set that up.

Ken Causey

At 11:12 PM 5/31/01 +0200, you wrote:
>Ken Causey writes:
>> The situation is that of a shared webserver and a shared SQL server.
>> Access to the SQL server is limited to the webserver already.  Users can
>> only run CGI scripts which will of course execute as the webserver user.
>> What I'm looking for is restricting access by postgresql user.  All logins
>> will be coming from the same host and same host user.  I don't
>> see this capability as part of pg_hba.conf.  Did I miss it?
>You need to configure the pg_hba.conf entries so they only succeed for
>particular users.  If the web server and the database server run on the
>same host then it might be easiest to connect through Unix domain sockets
>and restrict access by using the file permission bits.
>Peter Eisentraut   peter_e(at)gmx(dot)net

In response to

pgsql-general by date

Next:From: Steve WolfeDate: 2001-05-31 21:33:50
Subject: Re: Compiling to RPM setup/filesystem layout
Previous:From: Lamar OwenDate: 2001-05-31 21:20:36
Subject: Re: Compiling to RPM setup/filesystem layout

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group