Re: Permission on tables - Mailing list pgsql-admin

From Rasmus Mohr
Subject Re: Permission on tables
Date
Msg-id 910513A5A944D5118BE900C04F67CB5A0BFD7D@MAIL
Whole thread Raw
In response to Permission on tables  ("Steven Cuthbertson" <steven@tie.cl>)
List pgsql-admin
Granting total access is generally a bad idea. It requires that your
PHP-scripts/modules (or whatever) checks every request that access your
database to ensure only valid/allowed queries are made.

The "permission denied" reply suggests an Apache configuration error, not a
PostgreSQL related error.

--------------------------------------------------------------
Rasmus T. Mohr            Direct  :             +45 36 910 122
Application Developer     Mobile  :             +45 28 731 827
Netpointers Intl. ApS     Phone   :             +45 70 117 117
Vestergade 18 B           Fax     :             +45 70 115 115
1456 Copenhagen K         Email   : mailto:rmo@netpointers.com
Denmark                   Website : http://www.netpointers.com

"Remember that there are no bugs, only undocumented features."
--------------------------------------------------------------

> -----Original Message-----
> From: pgsql-admin-owner@postgresql.org
> [mailto:pgsql-admin-owner@postgresql.org]On Behalf Of Nick Fankhauser
> Sent: Friday, April 26, 2002 4:25 PM
> To: Steven Cuthbertson; pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] Permission on tables
>
>
>
> >      grant ALL on mytable to PUBLIC;
> >
> > Q: Is this dangerous? What is encompassed by "ALL"? Read? Write?
>
> Sounds unwise to me, but I'm not a PHP-er.
>
> In the Tomcat/Apache world, I can tell you that we generally
> grant select on
> mytable to "www-data".
> "www-data is the user that Apache runs as by default. I'd
> suggest finding
> the Apache or PHP user & then granting only those privileges
> needed to only
> that user.
>
> Are you sure that you aren't just getting a more general
> rejection of your
> connection due to problem in pg_hba? You mention that the servers are
> separated. You could test the connectivity & authorization
> from X to Y by
> trying (from X) psql -hY
>
> regards,
>
> -Nick
>
> ---------------------------------------------------------------------
> Nick Fankhauser
>
>     nickf@doxpop.com  Phone 1.765.965.7363  Fax 1.765.962.9788
> doxpop - Court records at your fingertips - http://www.doxpop.com/
>
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
>
>

pgsql-admin by date:

Previous
From: Jean-Michel POURE
Date:
Subject: Re: RPMS
Next
From: "Gaetano Mendola"
Date:
Subject: Re: RPMS