Re: [GENERAL] cgi with postgres
| От | Ron Chmara |
|---|---|
| Тема | Re: [GENERAL] cgi with postgres |
| Дата | |
| Msg-id | 3882D70C.FA61E59@opus1.com обсуждение исходный текст |
| Ответ на | Re: [GENERAL] cgi with postgres ("Jeff MacDonald <jeff@pgsql.com>" <jeffm@pgsql.com>) |
| Список | pgsql-general |
"Jeff MacDonald " wrote: > 'what's to stop someone from logging in to hub, writing a script > with my name in user=user in the dbi::connect function. then > making it enter a bunch of bogus data.' > at first i thought gee well just put a passwd on the database, > then i thought, gee that's stupid since it's stored in plain text. Depends on how you're set up. You can use host based authentification, so only valid machines can make changes. You can shut out shell accounts on the machine, and then use the host's username/pass function for connection. You can use postgres crypt'ed passwords, which doesn't store passwords at all, it stores a block of zeros encrypted using the password.... at least on the machine itself, not in the CGI's... (Yes, I'm rambling about other issues, but I'll get there...) If you're only requiring one username, one password, for a file everybody has access to, well, yes, that's a problem. Which is why password files usually have permissions on them, so : -rw------- 1 postgres demigods 8192 Jan 7 11:55 pg_shadow can only be read/written by user postgres, group demigods. See: http://www.postgresql.org/doxlist.html for a rough overview of how this is supposed to work.. (Still rambling, not about scripted, stored, user/pass access yet) Yes, yes, you can have connections that are username only. You can have username and password, in a cgi, which is why you *don't use real, powerful, usernames and passwords in scripts*. You use things like www or nobody, which write to temporary tables. Which are then inspected for accuracy, or validated, or verified. If your question is framed as "when I give others access into the bank, how do I know they won't steal money?", the response is "by not letting them near the real money". You set up a user for the db that has the _bare_ minimum, and you never, ever, use a cgi. or a script, that allows more rights to be granted. Put another way: It's a bad move to have suid root programs available to the regular users for the same reason... A better metaphor might be: You don't leave your housekeys at the front door for the mailman to deliver the mail. You may have a locked mailbox, and when you want to move the mail, you unlock the box, and _then_ move it. The user doesn't have privleges to dump bad data into the secure tables, only insecure tables. HTH, -Bop
В списке pgsql-general по дате отправления: