Re: Best practice? Web application: single PostgreSQL
| From | Bruno Wolff III |
|---|---|
| Subject | Re: Best practice? Web application: single PostgreSQL |
| Date | |
| Msg-id | 20040113191443.GA5401@wolff.to |
| In reply to | Re: Best practice? Web application: single PostgreSQL ("Keith G. Murphy" <keithmur@mindspring.com>) |
| List | pgsql-general |
On Tue, Jan 13, 2004 at 11:15:30 -0600,
  "Keith G. Murphy" <keithmur@mindspring.com> wrote:
> Perhaps I can answer my own question. I could use ident and a map that
> lists the web server username as able to map to the different "role"
> usernames. Unfortunately, that still would allow the web server account
> to "fake" role names.

If you can't trust the web server account then you probably want to use a
system where cgi-bin programs are run as different users. If you have
untrusted users who can supply their own cgi-bin programs then using a
common uid which all cgi-bin programs run under isn't secure.

> If the "real" PostgreSQL accounts do not coincide with the
> browser-authenticated usernames, I don't see a good way to use PAM/LDAP
> or another mechanism to require that PostgreSQL itself makes sure that
> the given username and password are valid. Not saying that's a big
> problem, but...

I don't think using information received from the browser to authenticate
versus the postgres server works when you can't be assured that the cgi-bin
program doing the checking is trustworthy.
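As an added illustration of the ident-map weakness discussed above and of the per-user alternative Bruno suggests (this is not part of the original thread), assuming PostgreSQL 9.1 or later, where OS-user authentication on local sockets is the `peer` method, and using constructed OS-user, role and map names:

```conf
# pg_hba.conf (assumed: PostgreSQL 9.1+; on local sockets the OS-uid check is "peer")
# TYPE  DATABASE  USER  ADDRESS  METHOD
# Pick ONE of the two maps below; the map name is what selects the policy.
local   webapp    all            peer map=webroles_shared
# local webapp    all            peer map=webroles_peruser

# pg_ident.conf
# MAPNAME            SYSTEM-USERNAME   PG-USERNAME
#
# Weak variant (what Keith describes): every CGI program runs as one OS
# account, www-data, and that account may become any of the roles. Peer
# auth only verifies the uid, so any program under www-data can simply ask
# for app_admin; the role name proves nothing about which program connected.
webroles_shared      www-data          app_reader
webroles_shared      www-data          app_writer
webroles_shared      www-data          app_admin
#
# Stronger variant (what Bruno suggests): each CGI program runs under its own
# OS user (for example via Apache's suEXEC), and the map is one-to-one, so
# the kernel-verified uid alone decides the role and no program can claim
# another program's role.
webroles_peruser     cgi_reports       app_reader
webroles_peruser     cgi_orders        app_writer
webroles_peruser     cgi_admin         app_admin
```

Note that this only removes the "fake role" problem; as Bruno says, browser-supplied credentials still cannot be trusted unless the program checking them is itself trusted.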