Re: PostgreSQL security concerns

In article <3.0.1.32.20010531103344.0168f98c@pop3.premiernet.net>, "Ken
Causey" <ken@ineffable.com> wrote:

> OK, I am aware of this file.  I need to provide a little more detail.
>
> The situation is that of a shared webserver and a shared SQL server.
> Access to the SQL server is limited to the webserver already.  Users can
> only run CGI scripts which will of course execute as the webserver user.
> What I'm looking for is restricting access by postgresql user.  All
> logins will be coming from the same host and same host user.  I don't
> see this capability as part of pg_hba.conf.  Did I miss it?

    You can restrict access on a table-by-table basis using the SQL
GRANT command. For instance, for web access using Apache server
side includes, the user nobody must have the appropriate access. I
allow web users to read a database but not change it, so for any table
a web user might need to read I run the command:

GRANT SELECT ON <table name> TO nobody ;

    Of course, for this to work the user 'nobody' must be already a
PostgreSQL user. BTW, the opposite of GRANT is REVOKE, which
you can use to revoke a database privilege for a PostgreSQL user.