[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PostgreSQL-Problem and Problem on Alioth

On Tue, Jan 25, 2005 at 10:38:37AM +0100, Martin Pitt wrote:
> There are two common ways to achieve that:
> - Connect as "www-data". For this you need an appropriate PostgreSQL
>   user ("createuser www-data" as user postgres). Then you either make
>   www-data the owner of the database ("createdb -O www-data mydb") or
>   you set the owner to some application-specific PostgreSQL user and
>   only GRANT the necessary permissions to www-data (usually you need
>   table creation etc. only for package installation and can restrict
>   www-data permissions to SELECT/UPDATE).

if i'm understanding correctly, a security drawback of both these
methods is that any web application would effectively have r/w privileges
to every web app's database, right?

>   This solution has the advantage that you don't need to modify
>   pg_hba.conf (since you can use "ident sameuser" authentication).

which is certainly not to be overlooked.  i think maybe a disclaimer
like "if you run multiple applications, this may present a security
risk" might be in order, but it should definitely be an option.

> - Connect as $dbc_dbuser and use "password" authentication. ident
>   makes not much sense since the database user has not necessarily
>   a system user counterpart (if it has, then this would of course
>   work). But if it hasn't, you need a pg_hba.conf entry.

thanks for the clarification on all this.  i'm also now spending some
time reading the fine manual (online postgres docs) about
identification/authentication, which will help clarify things a bit.

> I'm open to suggestions about making modifications to pg_hba.conf
> unnecessary in the common case. (I still need some time to read this

what would be helpful here is to hear from a larger number of
debian/postgres admins about how they have things set up, to get
an idea what the most common setups actually are.

also, it looks like pg_hba.conf and pg_ident.conf both have some
kind of @include functionality, which might make messing with either
of the files moot.  i'll have to look more into these details...

> unnecessary in the common case. (I still need some time to read this
> thread about the common database infrastructure *sigh*).

you can get the highlights on my p.d.o page :)



Attachment: signature.asc
Description: Digital signature

Reply to: