Discussion: Security for web server access?

Security for web server access?

From
"Gilley, Charles H."
Date:
I have a working understanding of the use of pg_hba.conf now and can access
my database from a variety of user accounts.  I'm using host based access
and the password mechanism.  My question is about server access.
Generally, a web server is running under process Nobody and it is usually
local to the database.  Any opinions about letting the local flag pick up
the security?

Any thoughts as to protection schemes for web databases?  I'm interested in
any thoughts regarding priv's on a table basis.

Charles Gilley

Re: [ADMIN] Security for web server access?

From
jwieck@debis.com (Jan Wieck)
Date:
>
> I have a working understanding of the use of pg_hba.conf now and can access
> my database from a variety of user accounts.  I'm using host based access
> and the password mechanism.  My question is about server access.
> Generally, a web server is running under process Nobody and it is usually
> local to the database.  Any opinions about letting the local flag pick up
> the security?
>
> Any thoughts as to protection schemes for web databases?  I'm interested in
> any thoughts regarding priv's on a table basis.

    You could use pg_ident.conf to allow the web server to
    connect as other Postgres users too. The Postgres usernames
    could be the same as the ones they authenticate to the web
    server and every CGI knows that from the environment. Setting
    the PGUSER environment variable to that before connecting
    will do it.


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#======================================== jwieck@debis.com (Jan Wieck) #
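
The approach from the reply above, as an added example that is not part of the original thread: a CGI-side check that sets PGUSER only when the web login is a Postgres user the ident map allows for the web server's OS account. The map name `webmap`, the users `alice` and `bob`, the use of the CGI variable `REMOTE_USER`, and the simple three-field `pg_ident.conf` line form (no quoted or regex entries) are assumptions made for illustration.

```python
import os

# Constructed sample pg_ident.conf content (assumed names, not from the thread).
SAMPLE_PG_IDENT = """\
# MAPNAME   SYSTEM-USERNAME   PG-USERNAME
webmap      nobody            alice
webmap      nobody            bob
adminmap    postgres          postgres
"""


def parse_pg_ident(text):
    """Return {map_name: {os_user: set(pg_users)}} from pg_ident.conf text."""
    maps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"malformed pg_ident.conf line: {raw!r}")
        map_name, os_user, pg_user = fields
        maps.setdefault(map_name, {}).setdefault(os_user, set()).add(pg_user)
    return maps


def pguser_for_request(environ, maps, map_name="webmap", os_user="nobody"):
    """Pick PGUSER for a CGI request, or None if the login is not mapped."""
    remote_user = environ.get("REMOTE_USER", "")
    allowed = maps.get(map_name, {}).get(os_user, set())
    # Exact match only: an empty or unmapped login gets no database identity,
    # so the script never falls back to a default or privileged Postgres user.
    return remote_user if remote_user in allowed else None


def apply_pguser(environ, maps):
    """Set PGUSER in environ before connecting; refuse unmapped logins."""
    pg_user = pguser_for_request(environ, maps)
    if pg_user is None:
        raise PermissionError("web login has no mapped Postgres user")
    environ["PGUSER"] = pg_user
    return pg_user


if __name__ == "__main__":
    env = dict(os.environ, REMOTE_USER="alice")  # constructed request
    print(apply_pguser(env, parse_pg_ident(SAMPLE_PG_IDENT)))
```

Every script running as the web server's OS account can select any Postgres user in the map, so the map should list only the accounts the web application is meant to use.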