Jim Mercer <jim@reptiles.org> wrote:
> as it currently stands, virtual hosts can trample all over other
databases,
> and with the nature of a single uid for all apache/php/libpq proceses,
> they are generally doing it with the same pgsql user.
I haven't followed the whole thread, so perhaps I missed something. But why
not just use password authentication to the database with a different user
for each database? Ok, one has to store the plain-text passwords in the php
files. You have to protect your users from reading each others files anyway;
this can be done.
At least you can set up different users per database, so that it doesn't
matter if the proposed restriction setting is by database or by user.
Regards,
Michael Paesold