Re: Security - local(TRUST) and php/perl access

Поиск
Список
Период
Сортировка
От Josh Berkus
Тема Re: Security - local(TRUST) and php/perl access
Дата
Msg-id web-1377481@davinci.ethosmedia.com
обсуждение исходный текст
Ответ на Security - local(TRUST) and php/perl access  ("Dave" <dave@hawk-systems.com>)
Ответы Re: Security - local(TRUST) and php/perl access  ("Dave" <dave@hawk-systems.com>)
Список pgsql-php
Дерево обсуждения 
Dave,

> Currently we TRUST local users so pretty much any user can access any
> database
> from the shell.
> When PHP or Perl(DBI) accesses the postgres database, can they simply
> specify
> any userid and database set as a local user would, or are they
> restricted to the
> "host sameuser 0.0.0.0 0.0.0.0 password" setting in pg_hba.conf

Anything running on the same machine, whether a shell, PHP, or Perl, is
covered by the "trust" statement, unless you make the mistake of
routing your connection through an external interface.

However, I strongly reccommend against using "trust" on any public web
server.

-Josh Berkus

В списке pgsql-php по дате отправления:

Предыдущее
От: Timothy_maguire@hartehanks.com
Дата:
Сообщение: Re: don't show error messages. how?
Следующее
От: Chadwick Rolfs
Дата:
Сообщение: Re: don't show error messages. how?