Discussion: Security for web server access?
I have a working understanding of the use of pg_hba.conf now and can access my database from a variety of user accounts. I'm using host based access and the password mechanism. My question is about server access. Generally, a web server is running under process Nobody and it is usually local to the database. Any opinions about letting the local flag pick up the security?

Any thoughts as to protection schemes for web databases? I'm interested in any thoughts regarding priv's on a table basis.

Charles Gilley
> I have a working understanding of the use of pg_hba.conf now and can access
> my database from a variety of user accounts. I'm using host based access
> and the password mechanism. My question is about server access.
> Generally, a web server is running under process Nobody and it is usually
> local to the database. Any opinions about letting the local flag pick up
> the security?
>
> Any thoughts as to protection schemes for web databases? I'm interested in
> any thoughts regarding priv's on a table basis.

You could use pg_ident.conf to allow the web server to connect as other Postgres users too. The Postgres usernames could be the same as the ones they authenticate to the web server and every CGI knows that from the environment. Setting the PGUSER environment variable to that before connecting will do it.

Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#======================================== jwieck@debis.com (Jan Wieck) #
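An added example, not part of the thread: the approach in the reply above, written as a Python CGI helper that emits the pg_ident.conf map lines (map name, system user, database user) and sets PGUSER from the web-authenticated REMOTE_USER only when that name is an allowed role. The map name `webmap`, the roles `alice` and `bob`, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample values; none of these names come from the thread.
WEB_OS_USER = "nobody"             # OS account the web server runs as
MAP_NAME = "webmap"                # hypothetical pg_ident.conf map name
ALLOWED_ROLES = {"alice", "bob"}   # Postgres roles web users may become
_ROLE_RE = re.compile(r"[a-z_][a-z0-9_]{0,62}")


def ident_map_lines(roles=ALLOWED_ROLES):
    """Return pg_ident.conf lines letting the web server's OS account
    connect as each allowed role and as no other database user."""
    return [f"{MAP_NAME}\t{WEB_OS_USER}\t{role}" for role in sorted(roles)]


def pg_env_for_request(cgi_env, base_env=None):
    """Return an environment for libpq with PGUSER taken from REMOTE_USER.

    Raises PermissionError when the request was not authenticated by the
    web server or the name is not an allowed role, so a request never
    falls back to a default or privileged role.
    """
    user = cgi_env.get("REMOTE_USER", "")
    if not _ROLE_RE.fullmatch(user) or user not in ALLOWED_ROLES:
        raise PermissionError(f"no database role for web user {user!r}")
    env = dict(base_env or {})
    env["PGUSER"] = user
    return env


if __name__ == "__main__":
    print("\n".join(ident_map_lines()))
    # Constructed CGI environments: one mapped user, one privileged name.
    for sample in ({"REMOTE_USER": "alice"}, {"REMOTE_USER": "postgres"}):
        try:
            print(sample, "->", pg_env_for_request(sample)["PGUSER"])
        except PermissionError as exc:
            print(sample, "-> refused:", exc)
```

Every CGI running as the web server's OS account can request any role listed in the map, so the map bounds the set of reachable roles and the per-table privileges of each role do the rest.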