The situation: I have one machine with general user access. Some users
(including myself) own a postgres database. Some users (including myself)
use postgres as a back-end for CGI applications, using the Postgres.pm
module for Perl. This requires that user "nobody" (or www, or whomever)
have read/write access to my database.
The problem: While it's very handy that I can write CGI scripts that can
read/write my database, it's a security problem. Other users` CGI scripts
will also make use of the "nobody" identity to access the database, which
means they can potentially read/write the data in my database if they
wanted to.
The fix: You tell me. It would seem to involve a "setuid" of sorts for
how the httpd process accesses the postgres database.
Any help much appreciated!
Chris
---------------------------------------------
Chris Hardie chris@summersault.com
http://www.summersault.com/chris
vincendum est
---------------------------------------------
