We are setting up a Web site using pgsql. I am unsure of which users I should set up, & who should own the html & php3 files in our directory etc. The steps I have done so far:
 
I created a Linux user for admin on this particular DB, called dbuser.
As user postgres, I ran "createuser dbuser". I then logged in as dbuser & created a pgsql DB.
As user postgres I ran "createuser nobody".
 
I logged in to Linux as dbuser & created a DB (webdb). I gave user nobody necessary permissions such as select, update etc.
 
Qu 1. Does it matter which user owns the html & php3 files in /usr/local/apache/htdocs/webdb? I am thinking it should be user dbuser. And should file permissions be 755 for these?
 
Qu 2. I connect to the DB within php3 files with a pg_connect statement. Within this statement I do not provide a password, as my pg_hba file presently does not require a password. Is this a security risk on Web databases? Should I make sure a password is required, & send it in the pg_connect?
 
Someone may be able to point me to some information which handles all of the above.
 
Thanks in advance.
 
gjohn
 
