PostgreSQL and Apache: authentication and authorization - Mailing list pgsql-general
From | jqpx37 |
---|---|
Subject | PostgreSQL and Apache: authentication and authorization |
Date | |
Msg-id | 20060613160754.A1D72640063@iprive.iconicnetworks.com Whole thread Raw |
Responses |
Re: PostgreSQL and Apache: authentication and authorization
|
List | pgsql-general |
Thanks to everyone who replied to my previous post, "PostgreSQL and Apache," where I asked about references describing howto get PostgreSQL and Apache working together. Here, I'll ask the specific questions which motivated that post. The setup: I'm working on a database project. We chose PostgreSQL (PG) (right now 8.1.3 is installed, though we will soonswitch to the latest release, 8.1.4 I believe). For a user interface, I decided to have users access the DB via a webserver, and chose Apache 2 (relatively recent version) for that. The dynamic HTML and DB access will be handled by PHP(tentatively I want to use PHP5). The web server is not being used to put up a public webpage. Rather, it's just a choice for a user interface. Both thedatabase and the web server will reside on the same Linux box. That box will sit on an intranet, behind a firewall; andall users will connect from within the firewall from web browsers. Users will be able to both read and write data. Securityis paramount; only authorized users will be able to connect. Each user will have access to only parts of the data(authorization). My question concerns authentication and access. I can envision, broadly, two authentication schemes: (1) Users authenticate to Apache. (2) Users authenticate to PG. (For security reasons, I'm not considering any scheme where users authenticate/log into the Linux server; or, where authenticationto PG or Apache relies on an OS-level password file listing OS-level users.) Regarding scheme (1), once a user authenticates to Apache, it's not clear to me how to pass on authorization (access) rightsto PG. One method would be to have a single user, say, www_user (aside from the PG superuser), and pass access rightsinformation along in some kind of flag. But then I wouldn't be able to rely on PG's built-in authorization model (ROLEs). (Instead either access rights would be handled in PHP, where I don't think it belongs, or in some extra DB logic,which would be messy.) Another possibility would be to have the PG recognize the same users that Apache does, and use one of the weaker authenticationmethods for PG itself. That is, the "real" authentication would lie with Apache; once authenticated there,a user would be passed on to PG by the weaker method. I'm not sure, however, if this method is secure. (The hopeis it would be secure because Apache was secured, the OS/box is otherwise secure, and PG would accept local connectionsonly.) Re (2), it appears that there is at least one Apache module that allows Apache to handle authentication based on a PG authenticationfile. (So while there would still be Apache-level authentication, the data for that would reside within PG.) This avoids problems with ROLEs, since the users would be PG users, but I'm not sure how it would fit in with otherApache-level authentication I want to do (e.g., client certificates, etc). Nor am I sure how secure it is. My question is the pros and cons of the possible methods. I also need pointers to information on how to do these things. (There are lots of Apache books, and a few PG books, out there, but I haven't found lengthy material on the connectionsbetween the two that I'm wondering about.) Thanks, and apologies for any conceptual confusion evidence here.
pgsql-general by date: