Re: hacker help: PHP-4.2.3 patch to allow restriction of database access - Mailing list pgsql-hackers

From Michael Paesold
Subject Re: hacker help: PHP-4.2.3 patch to allow restriction of database access
Date
Msg-id 009201c266f6$fcf11080$4201a8c0@beeblebrox
Whole thread Raw
In response to Re: hacker help: PHP-4.2.3 patch to allow restriction of database access  (Jim Mercer <jim@reptiles.org>)
Responses Re: hacker help: PHP-4.2.3 patch to allow restriction of database access
List pgsql-hackers
Jim Mercer <jim@reptiles.org> wrote:

> as it currently stands, virtual hosts can trample all over other
databases,
> and with the nature of a single uid for all apache/php/libpq proceses,
> they are generally doing it with the same pgsql user.

I haven't followed the whole thread, so perhaps I missed something. But why
not just use password authentication to the database with a different user
for each database? Ok, one has to store the plain-text passwords in the php
files. You have to protect your users from reading each others files anyway;
this can be done.

At least you can set up different users per database, so that it doesn't
matter if the proposed restriction setting is by database or by user.

Regards,
Michael Paesold



pgsql-hackers by date:

Previous
From: Jim Mercer
Date:
Subject: Re: hacker help: PHP-4.2.3 patch to allow restriction of database access
Next
From: Jim Mercer
Date:
Subject: Re: hacker help: PHP-4.2.3 patch to allow restriction of database access