From: | "k" <kraznus(at)yahoo(dot)com> |
---|---|
To: | <pgsql-novice(at)hub(dot)org> |
Subject: | RE: Setting Permissions for web viewing |
Date: | 2000-10-19 20:04:28 |
Message-ID: | NCBBKIKAKKEDELCFBBBDAEEJEBAA.kraznus@yahoo.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
The pg_connect command worked as localhost, but then the pg_exec failed with
permission errors?
If you started from scratch, I think you would need to do the following
things:
1) determine who the "user" is that the webserver is running as (Suggestions
on how to do this?)
2) set up that user in postgres with createuser (but I'm unsure how to best
deal with the password, should it be NULL and then restrict the access or
should it have a value that you pass as a parameter down the road? This
ties into point 4)
3) give that user permissions to access the database tables in the psql
interface with the "GRANT" command
4) figure out the best way of having the webserver (as "user") connect to
the database, e.g. the options suggested below (although I assume the first
option implies that the user is set up with a NULL password? How would this
work exactly?)
I'm not an expert on the above, so would also appreciate input on how to
best accomplish this securely. Are there any good how-to's on this?
Cheers!
Robert
-----Original Message-----
From: pgsql-novice-owner(at)hub(dot)org [mailto:pgsql-novice-owner(at)hub(dot)org]On
Behalf Of D. Duccini
Sent: Thursday, October 19, 2000 1:31 PM
To: Kevin Leclaire
Cc: pgsql-novice(at)hub(dot)org
Subject: Re: [NOVICE] Setting Permissions for web viewing
the problem isn't the database, its the user the webserver is running as
you can solve this by using chown and chmod u+s to make the script
execute as a known user to the database
the alernate is to pass in a fully qualified connect string specifying
user/database
-duck
On Thu, 19 Oct 2000, Kevin Leclaire wrote:
> What's the cleanest way to set permissions in postgres so that a web
> application can properly view and query a back-end database, but not
modify?
>
> I have tried modifying pg_hba.conf, and got it to do a pg_connect()
> successfully, however, the subsequent pg_Exex() call failed with the
> following browser error: "Warning: PostgreSQL query failed: ERROR:
> table_name: Permission denied..."
>
> Thanks!
>
> Kevin
>
----------------------------------------------------------------------------
-
david(at)backpack(dot)com BackPack Software, Inc.
www.backpack.com
+1 651.645.7550 voice "Life is an Adventure.
+1 651.645.9798 fax Don't forget your BackPack!"
----------------------------------------------------------------------------
-
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
From | Date | Subject | |
---|---|---|---|
Next Message | Chris | 2000-10-19 22:45:49 | RE: Setting Permissions for web viewing |
Previous Message | D. Duccini | 2000-10-19 17:30:42 | Re: Setting Permissions for web viewing |