Re: Postgres access using PHP - Mailing list pgsql-novice

From Ron Chmara
Subject Re: Postgres access using PHP
Date
Msg-id 3A6236CF.249B0CD8@opus1.com
Whole thread Raw
In response to Postgres access using PHP  (John Poltorak <jp@eyup.org>)
List pgsql-novice
John Poltorak wrote:
> I am trying to access a Postgres database using PHP from a Web page
> and it doesn't work.
> Could anyone shed any light on the problem?
> This is the error I get - which looks like an authentication problem:-
> Unable to connect to PostgreSQL server:  FATAL 1:  SetUserId: user 'root' is not in 'pg_shadow'

You may be running a webserver as root. This is very bad. Big security
hole. This means that one PHP script can completely destroy your server,
email your passwords to hackers, and make long-distance calls over your
modem. (Really, root can do all this, so your webserver could too)  it's
a good idea to have a web-server user such as "www" or "nobody" or "httpd".

> What have I overlooked in setting up Postgres for Web access?

You typically should make a postgres user for web-access only (using the
master postgresql user for web access has similar security holes). It
makes life a bit easier if you use the same pg user as the web server
user.

Otherwise, you'll need to use:
  pg_connect("dbname=whatever user=whatever_user password=pass");
for connections. If you're using a PHP reference That still
advocates using:
  pg_connect("localhost","whatever","whatever_user","pass");

Please ignore it, it's been deprecated. (Use one string, not 4.)

-Ronabop

--
Personal:  ron@opus1.com, 520-326-6109, http://www.opus1.com/ron/
Work: rchmara@pnsinc.com, 520-546-8993, http://www.pnsinc.com/
The opinions expressed in this email are not neccesarrily those of myself,
my employers, or any of the other little voices in my head.

pgsql-novice by date:

Previous
From: John Poltorak
Date:
Subject: Re: Postgres access using PHP
Next
From: "Mario Sánchez"
Date:
Subject: POSTGRES TOO SLOW