Quick Links

Re: Security - local(TRUST) and php/perl access

From:	"Josh Berkus" <josh(at)agliodbs(dot)com>
To:	"Dave" <dave(at)hawk-systems(dot)com>, <pgsql-php(at)postgresql(dot)org>
Subject:	Re: Security - local(TRUST) and php/perl access
Date:	2002-04-19 16:10:30
Message-ID:	web-1377481@davinci.ethosmedia.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-php

Dave,

> Currently we TRUST local users so pretty much any user can access any
> database
> from the shell.
> When PHP or Perl(DBI) accesses the postgres database, can they simply
> specify
> any userid and database set as a local user would, or are they
> restricted to the
> "host sameuser 0.0.0.0 0.0.0.0 password" setting in pg_hba.conf

Anything running on the same machine, whether a shell, PHP, or Perl, is
covered by the "trust" statement, unless you make the mistake of
routing your connection through an external interface.

However, I strongly reccommend against using "trust" on any public web
server.

-Josh Berkus

In response to

Security - local(TRUST) and php/perl access at 2002-04-19 14:01:14 from Dave

Responses

Re: Security - local(TRUST) and php/perl access at 2002-04-19 17:45:15 from Dave

Browse pgsql-php by date

	From	Date	Subject
Next Message	Chadwick Rolfs	2002-04-19 16:39:55	Re: don't show error messages. how?
Previous Message	Timothy_maguire	2002-04-19 14:23:16	Re: don't show error messages. how?