| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Ken Causey <ken(at)ineffable(dot)com> |
| Cc: | Ian Harding <ianh(at)co(dot)pierce(dot)wa(dot)us>, <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: PostgreSQL security concerns |
| Date: | 2001-05-31 21:12:45 |
| Message-ID: | Pine.LNX.4.30.0105312311050.757-100000@peter.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Ken Causey writes:
> The situation is that of a shared webserver and a shared SQL server.
> Access to the SQL server is limited to the webserver already. Users can
> only run CGI scripts which will of course execute as the webserver user.
> What I'm looking for is restricting access by postgresql user. All logins
> will be coming from the same host and same host user. I don't
> see this capability as part of pg_hba.conf. Did I miss it?
You need to configure the pg_hba.conf entries so they only succeed for
particular users. If the web server and the database server run on the
same host then it might be easiest to connect through Unix domain sockets
and restrict access by using the file permission bits.
--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Wolfe | 2001-05-31 21:13:12 | Re: Compiling to RPM setup/filesystem layout |
| Previous Message | Peter Eisentraut | 2001-05-31 21:10:20 | Re: Postgres docs in .chm format --- is this possible? |