From: | "Dave" <dave(at)hawk-systems(dot)com> |
---|---|
To: | "Josh Berkus" <josh(at)agliodbs(dot)com>, <pgsql-php(at)postgresql(dot)org> |
Subject: | Re: Security - local(TRUST) and php/perl access |
Date: | 2002-04-19 17:45:15 |
Message-ID: | DBEIKNMKGOBGNDHAAKGNIEOJOCAA.dave@hawk-systems.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-php |
>Anything running on the same machine, whether a shell, PHP, or Perl, is
>covered by the "trust" statement, unless you make the mistake of
>routing your connection through an external interface.
this is what I was afraid of
>However, I strongly reccommend against using "trust" on any public web
>server.
agreed, thus my concern...
it appears however that if everything is set to password (or better) that
postgres doesn't start on reboot. the startup script reads
case $1 in
start)
[ -d /usr/local/pgsql/lib ] && /sbin/ldconfig -m /usr/local/pgsql/lib
[ -x /usr/local/pgsql/bin/pg_ctl ] && {
su -l pgsql -c \
'exec /usr/local/pgsql/bin/pg_ctl -w start > /usr/local/pgsql/errlog
echo -n ' pgsql'
}
;;
essentially what happens is that the startup waits for the password to be
entered, and as such that and any following services in the local/rc directory
are never started... it times out after a time (if memory serves).
workaround without security ramifications?
Dave
From | Date | Subject | |
---|---|---|---|
Next Message | Jean-Michel POURE | 2002-04-20 07:07:41 | Re: PERFORMANCE |
Previous Message | Chadwick Rolfs | 2002-04-19 16:39:55 | Re: don't show error messages. how? |