Re: PostgreSQL security concerns - Mailing list pgsql-general

From Rob Hoopman
Subject Re: PostgreSQL security concerns
Msg-id 3B17388A.8020309@dds.nl
In response to Re: PostgreSQL security concerns  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-general
Peter Eisentraut wrote:

>Ken Causey writes:
>
>>The situation is that of a shared webserver and a shared SQL server.
>>Access to the SQL server is limited to the webserver already.  Users can
>>only run CGI scripts which will of course execute as the webserver user.
>>What I'm looking for is restricting access by postgresql user.  All logins
>>will be coming from the same host and same host user.  I don't
>>see this capability as part of pg_hba.conf.  Did I miss it?
>>
>
>You need to configure the pg_hba.conf entries so they only succeed for
>particular users.  If the web server and the database server run on the
>same host then it might be easiest to connect through Unix domain sockets
>and restrict access by using the file permission bits.
>
Besides that you can add all the users you need to pg_hba.conf and do
the required grants to establish the proper permissions.
And set up your script to connect using the proper username in the
connection string.

Or am I missing the point here?

Rob
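
An added example, not part of Rob's message or the thread: a small Python check for the per-user pg_hba.conf setup discussed above, flagging rules that any role can match or that skip authentication. It assumes the current pg_hba.conf layout with a user column (type, database, user, address, method); the sample file, role names and addresses are constructed.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

SAMPLE = """\
# constructed sample, not from the thread
local   all     postgres                               peer
host    all     all       192.0.2.10/32                md5
host    shopdb  shop_cgi  192.0.2.10/32                scram-sha-256
host    blogdb  blog_cgi  192.0.2.10  255.255.255.255  trust
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Return (lineno, type, database, user, method) for each rule line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Assumption: no quoted fields containing '#' or whitespace.
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local" and len(f) >= 4:
            rules.append((lineno, f[0], f[1], f[2], f[3]))
        elif f[0] in HOST_TYPES and len(f) >= 5:
            # Address is one CIDR/hostname field, or an IP followed by a netmask.
            method = f[5] if len(f) >= 6 and _is_ip(f[4]) else f[4]
            rules.append((lineno, f[0], f[1], f[2], method))
    return rules

def audit(text):
    """Flag rules that do not pin a role or that require no credentials."""
    findings = []
    for lineno, _kind, _db, user, method in parse_hba(text):
        if "all" in user.split(","):
            findings.append((lineno, "any role may match"))
        if method == "trust":
            findings.append((lineno, "trust: no password required"))
    return findings

if __name__ == "__main__":
    for lineno, reason in audit(SAMPLE):
        print(f"line {lineno}: {reason}")
```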
