[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

How to package programs that make use of a database?



Hi,

 are there any guidelines for packaging stuff that needs access to a
 database?  In particular PHP-style of scripts that need to access
 databases?  When using modphp the script runs as www-data and there's
 no way of using another user without starting a second server, is
 there?  What I'm looking at right now is accessing a Postgres database
 from a PHP script.  The database might contain tables with sensitive
 information.  I can for example map www-data to SomeUser, where only
 SomeUser has read access to the tables on a given database and I can
 block further access to the database.  But that's useless, all I need
 is the possibility to run a self written php script and presto, I have
 access to the data.  I could use a password for SomeUser and store it
 on a script, but since the http server (that is, the www-data user) has
 be able to read the file, my script can do it, too.  The only solution
 I see is to have the server run as a special user, and grant this user
 access to the database.  Trivial to do, but not easy to automate in the
 context of Debian packages.  Did I miss a possibility (one that doesn't
 use php-cgi)?

 What do web hosting providers do?  Do they have one http server per
 customer?

-- 
Marcelo             | "Pride is all very well, but a sausage is a sausage."
mmagallo@debian.org |         -- Gaspode, of course
                    |            (Terry Pratchett, Men at Arms)



Reply to: