How to package programs that make use of a database?
Hi,
are there any guidelines for packaging stuff that needs access to a
database? In particular PHP-style of scripts that need to access
databases? When using modphp the script runs as www-data and there's
no way of using another user without starting a second server, is
there? What I'm looking at right now is accessing a Postgres database
from a PHP script. The database might contain tables with sensitive
information. I can for example map www-data to SomeUser, where only
SomeUser has read access to the tables on a given database and I can
block further access to the database. But that's useless, all I need
is the possibility to run a self written php script and presto, I have
access to the data. I could use a password for SomeUser and store it
on a script, but since the http server (that is, the www-data user) has
be able to read the file, my script can do it, too. The only solution
I see is to have the server run as a special user, and grant this user
access to the database. Trivial to do, but not easy to automate in the
context of Debian packages. Did I miss a possibility (one that doesn't
use php-cgi)?
What do web hosting providers do? Do they have one http server per
customer?
--
Marcelo | "Pride is all very well, but a sausage is a sausage."
mmagallo@debian.org | -- Gaspode, of course
| (Terry Pratchett, Men at Arms)
Reply to: