John Poltorak wrote:
> I am trying to access a Postgres database using PHP from a Web page
> and it doesn't work.
> Could anyone shed any light on the problem?
> This is the error I get - which looks like an authentication problem:-
> Unable to connect to PostgreSQL server: FATAL 1: SetUserId: user 'root' is not in 'pg_shadow'
You may be running a webserver as root. This is very bad. Big security
hole. This means that one PHP script can completely destroy your server,
email your passwords to hackers, and make long-distance calls over your
modem. (Really, root can do all this, so your webserver could too) it's
a good idea to have a web-server user such as "www" or "nobody" or "httpd".
> What have I overlooked in setting up Postgres for Web access?
You typically should make a postgres user for web-access only (using the
master postgresql user for web access has similar security holes). It
makes life a bit easier if you use the same pg user as the web server
user.
Otherwise, you'll need to use:
pg_connect("dbname=whatever user=whatever_user password=pass");
for connections. If you're using a PHP reference That still
advocates using:
pg_connect("localhost","whatever","whatever_user","pass");
Please ignore it, it's been deprecated. (Use one string, not 4.)
-Ronabop
--
Personal: ron@opus1.com, 520-326-6109, http://www.opus1.com/ron/
Work: rchmara@pnsinc.com, 520-546-8993, http://www.pnsinc.com/
The opinions expressed in this email are not neccesarrily those of myself,
my employers, or any of the other little voices in my head.
