Re: Disable executing external commands from psql? - Mailing list pgsql-general

From Stephen Frost
Subject Re: Disable executing external commands from psql?
Date
Msg-id 20100602021056.GY21875@tamriel.snowman.net
Whole thread Raw
In response to Re: Disable executing external commands from psql?  (Ken Tanzer <ken.tanzer@gmail.com>)
List pgsql-general
* Ken Tanzer (ken.tanzer@gmail.com) wrote:
> OK one more question on this thread.  It occurs to me that for the web
> app, DB username and password is read from a configuration file.  (I
> understand this to be a common method for web applications.)  But since
> apache needs to read the file, then all users can read each others'
> passwords.  Arrghh.  I'm just wondering how web hosters typically deal
> with this issue (or is your info for, say, Wordpress exposed to other
> users if they know where to look for it?)  Sorry if this is too
> off-topic...

Have the username/password for each user site passed through
environment variables which are in the apache config file for the
virtual site they have access to the web root of.  Then deny access to
the apache config files (the users don't really need access to it
anyway, and neither does www-data; apache will read them as root during
startup).

    Thanks,

        Stephen

Attachment

pgsql-general by date:

Previous
From: John R Pierce
Date:
Subject: Re: PosttgreSQL on AIX
Next
From: Craig Ringer
Date:
Subject: Re: server-side extension in c++