Re: PostgreSQL security concerns
От | Craig Orsinger |
---|---|
Тема | Re: PostgreSQL security concerns |
Дата | |
Msg-id | 20010531.181843.1096689772.16364@epg.lewis.army_mil.invalid обсуждение исходный текст |
Ответ на | Re: PostgreSQL security concerns (Ken Causey <ken@ineffable.com>) |
Список | pgsql-general |
In article <3.0.1.32.20010531103344.0168f98c@pop3.premiernet.net>, "Ken Causey" <ken@ineffable.com> wrote: > OK, I am aware of this file. I need to provide a little more detail. > > The situation is that of a shared webserver and a shared SQL server. > Access to the SQL server is limited to the webserver already. Users can > only run CGI scripts which will of course execute as the webserver user. > What I'm looking for is restricting access by postgresql user. All > logins will be coming from the same host and same host user. I don't > see this capability as part of pg_hba.conf. Did I miss it? You can restrict access on a table-by-table basis using the SQL GRANT command. For instance, for web access using Apache server side includes, the user nobody must have the appropriate access. I allow web users to read a database but not change it, so for any table a web user might need to read I run the command: GRANT SELECT ON <table name> TO nobody ; Of course, for this to work the user 'nobody' must be already a PostgreSQL user. BTW, the opposite of GRANT is REVOKE, which you can use to revoke a database privilege for a PostgreSQL user.
В списке pgsql-general по дате отправления: