FWIW, in PHP you often put the PostgreSQL user credentials in the code. Usually a config file somewhere. You can also place sensitive files outside of your web root with proper permissions. If it’s all running on a local box, I don’t open the ports or set the db config to allow other connections. It seems reasonably secure.
I am curious as to what others do. The PostgreSQL docs have a ton of great info.

- Eric

> On Jan 31, 2015, at 10:28 AM, Kent Borg <[email protected]> wrote:
>
> Related to my previous database questions...
>
> Normally I think of a program as trusting itself, having some integrity,
> maybe not even having gaping bugs or security holes. But what if the
> program I am writing is talking to another, such as Postgres? Postgres has
> the ability to do passwords, so do I just put a password in my program
> source? Set Postgres to only accept local connections, and hope for the best?
> Seems wrong. Do I try to put both in a chroot or something?
>
> My program already has to hope that its program files are secured by the
> hosting OS, but at least if it isn't opening up a network port it stays a
> rather contained problem.
>
> (I want multiple programs talking to the database, so no, I can't just link
> in Sqlite.)
>
> Seems a general problem of securing interprocess communications.
>
> Thoughts?
>
> Thanks,
>
> -kb, the Kent who knows that people Google for passwords, search github for
> passwords, and get a lot of juicy results.
> _______________________________________________
> Discuss mailing list
> [email protected]
> http://lists.blu.org/mailman/listinfo/discuss
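
One way to enforce the practices mentioned in this thread (credentials in a config file outside the web root, tight permissions, local-only connections) before a program connects. This is an added example, not code from either poster. The INI layout with a `[postgresql]` section, the function name and the paths passed in are assumptions.

```python
import configparser
import os
import stat
from pathlib import Path

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


class UnsafeCredentialFile(Exception):
    """Raised when the credentials file or its contents fail a check."""


def load_db_credentials(cred_path, web_root):
    """Return the [postgresql] section as a dict, or raise UnsafeCredentialFile.

    cred_path and web_root are deployment-specific paths (assumptions here).
    """
    cred = Path(cred_path).resolve(strict=True)  # resolve symlinks first
    root = Path(web_root).resolve(strict=True)

    # The web server must never be able to serve this file.
    if root == cred or root in cred.parents:
        raise UnsafeCredentialFile(f"{cred} is inside web root {root}")

    with open(cred, encoding="utf-8") as fh:
        # fstat the open descriptor so the checks and the read see the same file.
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeCredentialFile(f"{cred} is not a regular file")
        if st.st_uid != os.geteuid():
            raise UnsafeCredentialFile(f"{cred} is not owned by this process's user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise UnsafeCredentialFile(f"{cred} is open to group/other; use mode 0600")
        # interpolation=None: a '%' in a password is data, not config syntax.
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_file(fh)

    if not parser.has_section("postgresql"):
        raise UnsafeCredentialFile(f"{cred} has no [postgresql] section")
    creds = dict(parser["postgresql"])

    # Mirror the local-only database setup: loopback or a Unix socket directory.
    host = creds.get("host", "localhost")
    if host not in LOCAL_HOSTS and not host.startswith("/"):
        raise UnsafeCredentialFile(f"host {host!r} is not local")
    return creds
```

Keeping the password in a file checked this way also keeps it out of the source tree, so it does not end up in a public repository along with the code.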
