On 2016-05-09 16:18:39 -0400, D'Arcy J.M. Cain wrote:
> On Mon, 9 May 2016 13:02:53 -0700
> Adrian Klaver wrote:
> > So define PHP runs as 'nobody'?
>
> Because of the way PHP and Apache works PHP script have to run as the
> Apache user which, in my case anyway, is
On Tue, 10 May 2016 11:20:05 -0400
"D'Arcy J.M. Cain" wrote:
> On Tue, 10 May 2016 10:46:39 -0400
> George Neuner wrote:
> > On Linux (or Unix) you'd set up a forwarding record in iptables that
> > redirects a second port to Postgresql.
>
> Forwarding to
On Mon, May 09, 2016 at 22:43:53 -0400,
"D'Arcy J.M. Cain" wrote:
Of course PHP scripts have to run as nobody so I have no choice other
than to have them store passwords in various config.php files but PHP
users are used to that. I would like to fix that but that's a war for
On Tue, 10 May 2016 10:46:39 -0400
George Neuner wrote:
> On Linux (or Unix) you'd set up a forwarding record in iptables that
> redirects a second port to Postgresql.
Forwarding to a different host is bad enough without explaining
different ports. I think my idea will do
On Tue, 10 May 2016 09:50:10 -0400, "D'Arcy J.M. Cain"
wrote:
>On Mon, 09 May 2016 18:15:16 -0400
>Tom Lane wrote:
>> > I did think of that but how do I define that in pg_hba? The host
>> > field only specifies the remote IP, not the local one.
>>
>>
On Tue, 10 May 2016 09:50:10 -0400
"D'Arcy J.M. Cain" wrote:
> Can you expand on this? I can't seem to get my head around it. How
> does the client make it look like it is coming from this ersatz
> loopback IP? In fact, I don't even need to add this to pg_hba since
> anything
On Mon, 09 May 2016 18:15:16 -0400
Tom Lane wrote:
> > I did think of that but how do I define that in pg_hba? The host
> > field only specifies the remote IP, not the local one.
>
> Right, but you'd be using it essentially as a loopback interface.
> Say you set it up as
On Mon, 9 May 2016 14:56:14 -0700
John R Pierce wrote:
> over a tcp socket, there's no way of knowing *WHAT* the system user
> is short of querying the unreliable service 'authd' (113/tcp) and
> hoping that it A) exists and B) returns something meaningful.
> authd/ident
On Mon, 9 May 2016 17:50:52 -0400
Scott Mead wrote:
> > was thinking of something like this:
> >
> > hostall joe@nobody 192.168.151.75/32 password
> > hostall all 192.168.151.75/32 ident
> >
> > The "all@nobody" field is meant to
"D'Arcy J.M. Cain" writes:
> On Mon, 09 May 2016 17:12:22 -0400
> Tom Lane wrote:
>> If the same user id + database combinations might be valid in both
>> cases (from both PHP and manual connections) I think your only other
>> option for distinguishing which
On 5/9/2016 2:42 PM, D'Arcy J.M. Cain wrote:
I had an idea that that wouldn't be so easy else we would have had it
by now. However, I am not sure that that is what is needed. I was
thinking of something like this:
hostall joe@nobody 192.168.151.75/32 password
hostall
On Mon, May 9, 2016 at 5:42 PM, D'Arcy J.M. Cain wrote:
> On Mon, 09 May 2016 17:12:22 -0400
> Tom Lane wrote:
> > If the same user id + database combinations might be valid in both
> > cases (from both PHP and manual connections) I think your only other
> >
On Mon, 09 May 2016 17:12:22 -0400
Tom Lane wrote:
> If the same user id + database combinations might be valid in both
> cases (from both PHP and manual connections) I think your only other
> option for distinguishing which auth method to use is to make them
> come in on
On Mon, May 09, 2016 at 13:39:48 -0700,
Adrian Klaver wrote:
The above does not make sense to me. Maybe I am not understanding if
you mean connect and login as the same thing or not? I could see
connecting as 'nobody' and then doing SET ROLE as user. Or connect as
"D'Arcy J.M. Cain" writes:
> Here's my situation. I have a mix of users. Some are running PHP
> sites and some are not. PHP runs as the web server owner, "nobody."
> Everyone else runs as their own user.
> Since the PHP sites run as nobody I want to require password but
On 05/09/2016 01:18 PM, D'Arcy J.M. Cain wrote:
On Mon, 9 May 2016 13:02:53 -0700
Adrian Klaver wrote:
So define PHP runs as 'nobody'?
Because of the way PHP and Apache works PHP script have to run as the
Apache user which, in my case anyway, is "nobody" so every
On 5/9/2016 1:18 PM, D'Arcy J.M. Cain wrote:
Basically I think that pg_hba.conf is missing a feature. We can
specify the database, the user and the address but we can't specify the
authenticated user. When it sees this;
provided user name (x) and authenticated user name (nobody) do not match
On Mon, 9 May 2016 13:02:53 -0700
Adrian Klaver wrote:
> So define PHP runs as 'nobody'?
Because of the way PHP and Apache works PHP script have to run as the
Apache user which, in my case anyway, is "nobody" so every PHP script
runs as nobody. Meanwhile non-PHP
On 05/09/2016 12:44 PM, D'Arcy J.M. Cain wrote:
Here's my situation. I have a mix of users. Some are running PHP
sites and some are not. PHP runs as the web server owner, "nobody."
Everyone else runs as their own user.
Since the PHP sites run as nobody I want to require password but accept
Here's my situation. I have a mix of users. Some are running PHP
sites and some are not. PHP runs as the web server owner, "nobody."
Everyone else runs as their own user.
Since the PHP sites run as nobody I want to require password but accept
ident (from the server I control) for the rest.
20 matches
Mail list logo