Re: hacker help: PHP-4.2.3 patch to allow restriction of

On Thu, 26 Sep 2002, Jim Mercer wrote:

> 
> the following was sent to the php developer's list, and they came back with:
> 
> > > Isn't it generally better (where "better" means more secure,
> > > efficient, and easily maintained) to handle database access
> > > control using PostgreSQL's native access mappings?
> >
> > I would think so, and IMHO, that's where pgsql access control
> > belongs, with pgsql.

I totally disagree. It is a language level restriction, not a database
level one, so why back it into Postgres? Just parse 'conninfo' when it is 
pg_(p)connect() and check it against the configuration setting.

The patch seems fine. I am unsure as to how useful it is.

system("/usr/local/pgsql/bin/psql -U jim -c \"select 'i got        in';\" template1");

Gavin