Re: [ADMIN] Security for web server access? - Mailing list pgsql-admin

From jwieck@debis.com (Jan Wieck)
Subject Re: [ADMIN] Security for web server access?
Msg-id m0zYbRH-000EBPC@orion.SAPserv.Hamburg.dsh.de
In response to Security for web server access?  ("Gilley, Charles H." <Charles.Gilley@glenayre.com>)
List pgsql-admin
>
> I have a working understanding of the use of pg_hba.conf now and can access
> my database from a variety of user accounts.  I'm using host based access
> and the password mechanism.  My question is about server access.
> Generally, a web server is running under process Nobody and it is usually
> local to the database.  Any opinions about letting the local flag pick up
> the security?
>
> Any thoughts as to protection schemes for web databases?  I'm interested in
> any thoughts regarding priv's on a table basis.

    You could use pg_ident.conf to allow the web server to
    connect as other Postgres users too. The Postgres usernames
    could be the same as the ones they authenticate to the web
    server and every CGI knows that from the environment. Setting
    the PGUSER environment variable to that before connecting
    will do it.


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#======================================== jwieck@debis.com (Jan Wieck) #
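
A sketch of the setup the reply describes, as an added example that is not part of the original message: a CGI wrapper that derives PGUSER from the web server's REMOTE_USER and only accepts names that the ident map also lists. It assumes current PostgreSQL `peer` authentication with a `map=` option; the map name `web`, database `appdb` and roles `alice` and `bob` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed server-side config
# (current PostgreSQL syntax; map name, database and roles are constructed):
#
#   pg_hba.conf:    local  appdb  all     peer  map=web
#   pg_ident.conf:  web    nobody  alice
#                   web    nobody  bob
#
# The map lets OS user "nobody" connect as alice or bob, so the CGI decides
# which role is used. REMOTE_USER is only trustworthy when the web server
# itself authenticated the request, and superuser roles stay out of the map.

ALLOWED_ROLES="alice bob"   # must match the pg_ident.conf entries above

# Print the Postgres role for a web-authenticated user, or return non-zero.
pguser_for_remote_user() {
    remote_user=$1
    # Reject empty names and anything outside a conservative character set.
    case $remote_user in
        ''|*[!a-z0-9_]*) return 1 ;;
    esac
    for role in $ALLOWED_ROLES; do
        if [ "$role" = "$remote_user" ]; then
            printf '%s\n' "$role"
            return 0
        fi
    done
    return 1
}

# CGI entry point: set PGUSER from the environment, then connect.
run_query() {
    PGUSER=$(pguser_for_remote_user "${REMOTE_USER:-}") || {
        printf 'Status: 403 Forbidden\r\n\r\n'
        return 1
    }
    export PGUSER
    printf 'Content-Type: text/plain\r\n\r\n'
    psql -d appdb -At -c 'SELECT current_user'
}

# Only act when invoked by a web server as a CGI program.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    run_query
fi
```

Table privileges (GRANT/REVOKE per role) then apply to the per-user role rather than to one shared web account.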
