Re: Permission on tables
| От | Rasmus Mohr |
|---|---|
| Тема | Re: Permission on tables |
| Дата | |
| Msg-id | 910513A5A944D5118BE900C04F67CB5A0BFD7D@MAIL обсуждение исходный текст |
| Ответ на | Permission on tables ("Steven Cuthbertson" <steven@tie.cl>) |
| Список | pgsql-admin |
Granting total access is generally a bad idea. It requires that your PHP-scripts/modules (or whatever) checks every request that access your database to ensure only valid/allowed queries are made. The "permission denied" reply suggests an Apache configuration error, not a PostgreSQL related error. -------------------------------------------------------------- Rasmus T. Mohr Direct : +45 36 910 122 Application Developer Mobile : +45 28 731 827 Netpointers Intl. ApS Phone : +45 70 117 117 Vestergade 18 B Fax : +45 70 115 115 1456 Copenhagen K Email : mailto:rmo@netpointers.com Denmark Website : http://www.netpointers.com "Remember that there are no bugs, only undocumented features." -------------------------------------------------------------- > -----Original Message----- > From: pgsql-admin-owner@postgresql.org > [mailto:pgsql-admin-owner@postgresql.org]On Behalf Of Nick Fankhauser > Sent: Friday, April 26, 2002 4:25 PM > To: Steven Cuthbertson; pgsql-admin@postgresql.org > Subject: Re: [ADMIN] Permission on tables > > > > > grant ALL on mytable to PUBLIC; > > > > Q: Is this dangerous? What is encompassed by "ALL"? Read? Write? > > Sounds unwise to me, but I'm not a PHP-er. > > In the Tomcat/Apache world, I can tell you that we generally > grant select on > mytable to "www-data". > "www-data is the user that Apache runs as by default. I'd > suggest finding > the Apache or PHP user & then granting only those privileges > needed to only > that user. > > Are you sure that you aren't just getting a more general > rejection of your > connection due to problem in pg_hba? You mention that the servers are > separated. You could test the connectivity & authorization > from X to Y by > trying (from X) psql -hY > > regards, > > -Nick > > --------------------------------------------------------------------- > Nick Fankhauser > > nickf@doxpop.com Phone 1.765.965.7363 Fax 1.765.962.9788 > doxpop - Court records at your fingertips - http://www.doxpop.com/ > > > ---------------------------(end of > broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster > >
В списке pgsql-admin по дате отправления: