Thread: Security

Security

From

"Luz Lopez"

Date:

07 November 2000, 16:17:05

Hi all,

I have a Database and my interface is with PHP, but I hace problems,
I can connect to a  Data Base using PHP with using login and password.  If I
have an user with restricted privileges, how can I force this user to access
with login and password, via WEB?

I use pg_connect("host=localhost port=5432 user=wwwuser password=XXX
dbname=YYY"); but if I use _connect("host=localhost port=5432 dbname=YYY");
the program connect without problems a the Database, I believe that I have
serius problme of security.

I need your Help....

Thanks in advanced,
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.

Re: Security

From

Jeff MacDonald

Date:

07 November 2000, 16:30:10

in the pg_hba.conf instead of trust put crypt
for the hosts that you want to require a password.

jeff

On Tue, 7 Nov 2000, Luz Lopez wrote:

> Hi all,
>
> I have a Database and my interface is with PHP, but I hace problems,
> I can connect to a  Data Base using PHP with using login and password.  If I
> have an user with restricted privileges, how can I force this user to access
> with login and password, via WEB?
>
> I use pg_connect("host=localhost port=5432 user=wwwuser password=XXX
> dbname=YYY"); but if I use _connect("host=localhost port=5432 dbname=YYY");
> the program connect without problems a the Database, I believe that I have
> serius problme of security.
>
> I need your Help....
>
> Thanks in advanced,
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.
>

Jeff MacDonald,

-----------------------------------------------------
PostgreSQL Inc        | Hub.Org Networking Services
jeff@pgsql.com        | jeff@hub.org
www.pgsql.com        | www.hub.org
1-902-542-0713        | 1-902-542-3657
-----------------------------------------------------
Facsimile : 1 902 542 5386
IRC Nick  : bignose

Re: Security

From

Chris Ryan

Date:

07 November 2000, 16:33:06

you will want to modify your pg_hba.conf file, in the data directory, to
have a line that
requires anyone connecting from the internet to require a password. Part
of this requires a password file which can be created with pg_passwd
filename.

For example:

add a line to pg_hba.conf similar to this:
host         all         0.0.0.0   0.0.0.0       password passwd

then in the data directory run the following command:
pg_passwd passwd

you can test this change out by connecting using:
psql -h hostname -U username dbname

Hope this helps.

Chris Ryan


Luz Lopez wrote:
>
> Hi all,
>
> I have a Database and my interface is with PHP, but I hace problems,
> I can connect to a  Data Base using PHP with using login and password.  If I
> have an user with restricted privileges, how can I force this user to access
> with login and password, via WEB?
>
> I use pg_connect("host=localhost port=5432 user=wwwuser password=XXX
> dbname=YYY"); but if I use _connect("host=localhost port=5432 dbname=YYY");
> the program connect without problems a the Database, I believe that I have
> serius problme of security.
>
> I need your Help....
>
> Thanks in advanced,
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.