
RE: [cobalt-developers] Working with (was: worried about) Sausalito



On Wed, 10 Jan 2001, Kal Amry wrote:

> databases. I thought this list is up so that people can help each other, yet
> I guess many people out there do not like to share what they have, yet they
> are subscribed to the list for extra tips, I guess?

I beg your pardon. I haven't been following the list too closely lately due
to work overload. Not helping is not my style. To my knowledge,
postgres access has nothing to do with virtual hosts. It just sits on
port 5432 (tcp) and creates a unix socket in /tmp/.s.PGSQL.5432; the
number can be changed, as Cobalt does at least on the Qube3.

I work with closed servers, only admins, no users, so I have not
researched the subject of user control too far. Back when I used normal CGI
programs, I set up databases with different owners and installed CGI suid
the owner of the database, using all the recommended techniques for
controlling suid programs, which are not the best thing to run from a web
server if they are not well designed. Nowadays, PHP4 supports the concept
of sending user and password when setting up a connection to a database.

The problem I see in a virtual server setup is more a security one than a
technical one, as long as the postmaster is accessible to anything on the
machine. And, as most development nowadays is being done with PHP, the
route I would follow is:

1.- Setting postmaster to not trust localhost via pg_hba.conf file,
	requiring the connections to be authenticated. This file resides
	in ~postgres. The top contains very good comments for the setup.
2.- Once this is done, you create different users for accessing the
	databases of the different virtual servers and assign them passwords
	consistent with the mechanism you have selected according to
	pg_hba.conf.
3.- You have the web directories properly set up for your virtual server,
	such that only the owner and the web server can see them, don't you?
4.- Use pg_connect("dbname=this port=5432 user=user password=soandso")

I hope this is useful at this point in time.

Please, next time don't be so fast in your judgements, everyone has a life
with its own assortment of problems.

-------------------------------------------------------------------------------
G & S Sistemas de Informacion, S.L.  | Phones:
Victoriano Giralt                    |   Land line: +34-952-207-048
Chief Consultant and Owner           |   Mobile:    +34-670-332-720
Torre de San Telmo, 8                |   Fax:       Use e-mail, looks nicer
E-29018 Malaga (Spain)               | E-mail: vic@xxxxxxx
Member of ISOC (Andalusian Chapter)  | http://www.gssi.es/ 
-------------------------------------------------------------------------------
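
Added example, not part of the original message: a small audit for step 1 that lists every pg_hba.conf record still using the trust method and says whether it covers same-machine (Unix socket or loopback) or network connections. It assumes the column layout of current PostgreSQL releases (type, database, user, address, method) and no quoted fields; the sample file and the site_a/site_b names are constructed.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl"}  # record types with an address column

# Constructed sample: one shared box, two virtual sites (names are made up).
SAMPLE = """\
# TYPE  DATABASE  USER    ADDRESS                     METHOD
local   all       all                                 trust
host    all       all     127.0.0.1/32                trust
host    site_a    site_a  127.0.0.1 255.255.255.255   scram-sha-256
host    site_b    site_b  ::1/128                     scram-sha-256
"""

def _is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) for each record."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()          # drop comments, split columns
        if f and f[0] == "local" and len(f) >= 4:
            yield lineno, f[0], f[1], f[2], None, f[3]
        elif f and f[0] in HOST_TYPES and len(f) >= 5:
            addr, rest = f[3], f[4:]
            # Address and netmask may be given as two separate columns.
            if "/" not in addr and len(rest) >= 2 and _is_ip(rest[0]):
                addr, rest = addr + "/" + rest[0], rest[1:]
            yield lineno, f[0], f[1], f[2], addr, rest[0]

def is_same_machine(address):
    """True for Unix-socket records and loopback-only address ranges."""
    if address is None:
        return True
    try:
        net = ipaddress.ip_network(address, strict=False)
    except ValueError:
        return False                               # hostname or unparsable
    return net.is_loopback

def trust_findings(text):
    """Records that admit a connection with no password check at all."""
    return [(n, t, db, user, "same-machine" if is_same_machine(a) else "network")
            for n, t, db, user, a, m in parse_hba(text) if m == "trust"]

if __name__ == "__main__":
    for finding in trust_findings(SAMPLE):
        print("trust record:", finding)
```

An empty result means no record lets a local process reach the postmaster without credentials, which is the state steps 2 to 4 rely on.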