Re: PostgreSQL security concerns

Peter Eisentraut wrote:

>Ken Causey writes:
>
>>The situation is that of a shared webserver and a shared SQL server.
>>Access to the SQL server is limited to the webserver already.  Users can
>>only run CGI scripts which will of course execute as the webserver user.
>>What I'm looking for is restricting access by postgresql user.  All logins
>>will be coming from the same host and same host user.  I don't
>>see this capability as part of pg_hba.conf.  Did I miss it?
>>
>
>You need to configure the pg_hba.conf entries so they only succeed for
>particular users.  If the web server and the database server run on the
>same host then it might be easiest to connect through Unix domain sockets
>and restrict access by using the file permission bits.
>
Besides that you can add all the users you need to pg_hba.conf and do
the required grants to establish the proper permissions.
And setup your script to connect using the proper username in the
connection string.

Or am I missing the point here?

Rob

>
>