Re: PostgreSQL security concerns - Mailing list pgsql-general

From Craig Orsinger
Subject Re: PostgreSQL security concerns
Date
Msg-id 20010531.181843.1096689772.16364@epg.lewis.army_mil.invalid
In response to Re: PostgreSQL security concerns  (Ken Causey <ken@ineffable.com>)
List pgsql-general
In article <3.0.1.32.20010531103344.0168f98c@pop3.premiernet.net>, "Ken
Causey" <ken@ineffable.com> wrote:

> OK, I am aware of this file.  I need to provide a little more detail.
>
> The situation is that of a shared webserver and a shared SQL server.
> Access to the SQL server is limited to the webserver already.  Users can
> only run CGI scripts which will of course execute as the webserver user.
> What I'm looking for is restricting access by postgresql user.  All
> logins will be coming from the same host and same host user.  I don't
> see this capability as part of pg_hba.conf.  Did I miss it?

    You can restrict access on a table-by-table basis using the SQL
GRANT command. For instance, for web access using Apache server
side includes, the user nobody must have the appropriate access. I
allow web users to read a database but not change it, so for any table
a web user might need to read I run the command:

GRANT SELECT ON <table name> TO nobody ;

    Of course, for this to work the user 'nobody' must be already a
PostgreSQL user. BTW, the opposite of GRANT is REVOKE, which
you can use to revoke a database privilege for a PostgreSQL user.
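
The table-level restriction described in the reply above, as an added example that is not part of the original message. It uses current PostgreSQL syntax (CREATE ROLE, has_table_privilege); the role and table names (app_owner, web_ro, guestbook, accounts) are hypothetical.

```sql
-- Added example. Run as a superuser in a scratch database.
-- Everything happens inside one transaction and is rolled back at the end.
BEGIN;

-- Hypothetical roles: one owns the data, one is what the CGI scripts log in as.
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE web_ro LOGIN;

-- Hypothetical tables: one the web user may read, one it must never see.
CREATE TABLE guestbook (id serial PRIMARY KEY, entry  text NOT NULL);
CREATE TABLE accounts  (id serial PRIMARY KEY, secret text NOT NULL);
ALTER TABLE guestbook OWNER TO app_owner;
ALTER TABLE accounts  OWNER TO app_owner;

-- Make sure nothing is reachable through PUBLIC, then grant only
-- the single privilege the web user needs on the single table it needs.
REVOKE ALL ON guestbook, accounts FROM PUBLIC;
GRANT SELECT ON guestbook TO web_ro;

-- Audit the effective privileges of web_ro without connecting as that user.
SELECT t.tbl,
       has_table_privilege('web_ro', t.tbl, 'SELECT') AS can_select,
       has_table_privilege('web_ro', t.tbl, 'INSERT') AS can_insert,
       has_table_privilege('web_ro', t.tbl, 'UPDATE') AS can_update,
       has_table_privilege('web_ro', t.tbl, 'DELETE') AS can_delete
FROM (VALUES ('guestbook'), ('accounts')) AS t(tbl);

-- REVOKE is the inverse: withdraw the read access again and re-run the audit.
REVOKE SELECT ON guestbook FROM web_ro;

SELECT has_table_privilege('web_ro', 'guestbook', 'SELECT') AS can_select_after_revoke;

ROLLBACK;
```

Running the audit query after every schema change shows whether a new table has become readable or writable by the web-facing user.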
