ok, so i have pg-7.0, apache 1.3.12 and php3 installed on a server.
i'm having difficulty coming up with an appropriate security model to cover
off what i want to do:
- queries via localhost (unix domain sockets) should assume that the pg_user
is the same as the unix user running the process.
- queries via tcp sockets should require a valid pg_user and password
the second is easy enough to facilitate.
the first i haven't been able to figure out.
with a pg_hba.conf entry of "local trust", the user can override their identity
and do anything they want.
with a pg_hba.conf entry of "local password" the user is forced to enter their
password every time. this wouldn't work very well with scripts in crontabs.
am i missing something here?
--
[ Jim Mercer jim@reptiles.org +1 416 506-0654 ]
[ Reptilian Research -- Longer Life through Colder Blood ]
[ Don't be fooled by cheap Finnish imitations; BSD is the One True Code. ]
