| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | "Keith G(dot) Murphy" <keithmur(at)mindspring(dot)com> |
| Cc: | johnsw(at)wardbrook(dot)com, pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Best practice? Web application: single PostgreSQL |
| Date: | 2004-01-13 19:14:43 |
| Message-ID: | 20040113191443.GA5401@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tue, Jan 13, 2004 at 11:15:30 -0600,
"Keith G. Murphy" <keithmur(at)mindspring(dot)com> wrote:
> Perhaps I can answer my own question. I could use ident and a map that
> lists the web server username as able to map to the different "role"
> usernames. Unfortunately, that still would allow the web server account
> to "fake" role names.
If you can't trust the web server account then you probably want to use
a system where cgi-bin programs are run as different users.
If you have untrusted users who can supply their own cgi-bin programs
then using a common uid which all cgi-bin programs run under isn't
secure.
> If the "real" PostgreSQL accounts do not coincide to the
> browser-authenticated usernames, I don't see a good way to use PAM/LDAP
> or another mechanism to require that PostgreSQL itself makes sure that
> the given username and password are valid. Not saying that's a big
> problem, but...
I don't think using information received from the browser to authenticate
versus the postgres server works when you can't be assured that the
cgi-bin program doing the checking is trustworthy.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruno Wolff III | 2004-01-13 19:25:32 | Re: Error since powerouttage |
| Previous Message | Daniel E. Fisher | 2004-01-13 19:08:14 | Error since powerouttage |