On Tue, Jan 13, 2004 at 11:15:30 -0600,
"Keith G. Murphy" <keithmur@mindspring.com> wrote:
> Perhaps I can answer my own question. I could use ident and a map that
> lists the web server username as able to map to the different "role"
> usernames. Unfortunately, that still would allow the web server account
> to "fake" role names.

If you can't trust the web server account then you probably want to use
a system where cgi-bin programs are run as different users.

If you have untrusted users who can supply their own cgi-bin programs
then using a common uid which all cgi-bin programs run under isn't
secure.

> If the "real" PostgreSQL accounts do not coincide with the
> browser-authenticated usernames, I don't see a good way to use PAM/LDAP
> or another mechanism to require that PostgreSQL itself makes sure that
> the given username and password are valid. Not saying that's a big
> problem, but...

I don't think using information received from the browser to authenticate
versus the postgres server works when you can't be assured that the
cgi-bin program doing the checking is trustworthy.
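
An added example, not part of the original message: a small audit of the ident-map arrangement discussed above, listing every OS account that a pg_ident.conf map allows to connect as more than one database role. The map name, account name, role names, and sample file contents are constructed for illustration.

```python
from collections import defaultdict

# Constructed pg_ident.conf sample (not from the thread): the web server
# account "www-data" is mapped to several database "role" usernames.
SAMPLE_PG_IDENT = """\
# MAPNAME   SYSTEM-USERNAME   PG-USERNAME
webroles    www-data          sales_ro
webroles    www-data          sales_rw   # read/write role
webroles    www-data          admin_role
localmap    backup            backup
"""


def parse_ident_map(text):
    """Yield (mapname, system_user, pg_user) for each entry in the text.

    Simplification: quoted names containing spaces or '#' are not handled,
    and a regex system-username (leading '/') is kept as a literal key.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed entry, ignore
        yield fields[0], fields[1], fields[2]


def shared_accounts(text):
    """Return {(mapname, system_user): [roles]} where one OS account can
    pick among several database roles with no further check by PostgreSQL."""
    roles = defaultdict(set)
    for mapname, system_user, pg_user in parse_ident_map(text):
        roles[(mapname, system_user)].add(pg_user)
    return {key: sorted(val) for key, val in roles.items() if len(val) > 1}


if __name__ == "__main__":
    for (mapname, user), allowed in shared_accounts(SAMPLE_PG_IDENT).items():
        print(f"map {mapname}: OS user {user} may connect as {', '.join(allowed)}")
```

Any code running under a flagged account, including every cgi-bin program sharing that uid, can request any of the listed roles.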