I've seen the tool, it seems to be very good, and I plan to use it.
But the question I was originally asking was: how to set up Postgres users and groups for the databases linked to the sites, in such a way that:
* the web server itself can access the data with limited access,
* nobody, using "psql -h mymachine.mydomain template1", can access the databases,
* nobody can read a simple text file somewhere on the site/machine to get a password to access the database with full privileges,
* the content administrators for each database can't open the other ones' databases on the same machine,
* etc.
Has somebody already thought about a good security policy when accessing databases from both a web server and ODBC connections?

TIA, and thanks Giuseppe for the link to mod_auth_pgsql

Nicolas

-----Original Message-----
From:    Giuseppe Tanzilli [SMTP:[EMAIL PROTECTED]]
Date:    Wednesday, 13 October 1999 17:55
To:      Nicolas Huillard
Cc:      '[EMAIL PROTECTED]'
Subject: Re: [ADMIN] User/group policy for pg backed web sites

Ciao,
The tool I suggested can hide the user/password to the database in the .htaccess file (read permission only from the web server).
Of course you have to create the users in pgsql, and set the rights on the tables.
You create different .htaccess for different trees,
in every file you choose user/password and database/table.
Also you can use the auth module to log the "logins" to the restricted web site,
in a postgresql table.

ciao


Nicolas Huillard wrote:

> > see ftp://ftp.eurolink.it/pub/linux/postgreSQL/mod_auth_pgsql
> > an authentication module for apache-> pgsql
>
> I was more asking this question about the better policy to follow, than the tools to use in order to implement this policy.
>
> > I usually do different database/tables per site.
>
> How have you created users/groups in this case (both PG users/groups and Unix users/group for the HTTPD access)?
>
> Thanks,
>
> Nicolas Huillard
>
> Nicolas Huillard wrote:
>
> > Hello,
> >
> > I am hosting web sites on Linux, and want to create databases for these web sites.
> > Many virtual Apache web sites are hosted on the same Linux box. Many Postgres databases will be hosted on another/the same Linux box. Content administrators will be able to access their databases for their web site, via ODBC, and will not access other ones' databases.
> >
> > The question is: how should I set up PG users and groups?
> > * each site has its database
> > * all sites are served by Apache under Linux username http
> > * each database belongs to a different PG user
> > * each content administrator will access his database using his username
> > * will the web server access all databases using an "http" PG user, or under each database owner name?
> > * how can I create groups for each database in order for the content administrator not being able to break the structure of his database?
> > * the same with the http user access?
> >
> > TIA,
> >
> > Nicolas Huillard
> > G.H.S
> > Technical Director
> > Tel : +33 1 43 21 16 66
> > Fax : +33 1 56 54 02 18
> > mailto:[EMAIL PROTECTED]
> > http://www.ghs.fr
> >
> > ************



************
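
One way to lay out the per-site users and table rights discussed in this thread, as an added example that is not from any of the posters. It is a psql script using current PostgreSQL role syntax (the CONNECT privilege did not exist in the 1999 releases); the names `site_a`, `site_a_owner`, `site_a_web`, `site_a_admin` and `pages` are hypothetical and the passwords are placeholders.

```sql
-- Added example; all role, database and table names are hypothetical.
-- Run with psql as a superuser. Repeat the whole script per site.

-- The schema belongs to a role that can never log in.
CREATE ROLE site_a_owner NOLOGIN;
CREATE DATABASE site_a OWNER site_a_owner;

-- By default every role may connect to every database; remove that,
-- including for template1 (the "psql -h host template1" case).
REVOKE ALL ON DATABASE site_a FROM PUBLIC;
REVOKE CONNECT ON DATABASE template1 FROM PUBLIC;

-- One web login per site instead of a single shared "http" role,
-- so a leaked credential exposes one site's data only.
CREATE ROLE site_a_web   LOGIN PASSWORD 'PLACEHOLDER_web';
-- Content administrator for this site, connecting over ODBC.
CREATE ROLE site_a_admin LOGIN PASSWORD 'PLACEHOLDER_admin';
GRANT CONNECT ON DATABASE site_a TO site_a_web, site_a_admin;

\connect site_a

-- Only the owner may create objects; the logins may merely look things up.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT USAGE, CREATE ON SCHEMA public TO site_a_owner;
GRANT USAGE ON SCHEMA public TO site_a_web, site_a_admin;

SET ROLE site_a_owner;
CREATE TABLE pages (id serial PRIMARY KEY, title text NOT NULL, body text);

-- Web server: read-only.
GRANT SELECT ON pages TO site_a_web;
-- Content administrator: may edit rows, but owns nothing, so cannot
-- ALTER or DROP the table (TRUNCATE is deliberately not granted).
GRANT SELECT, INSERT, UPDATE, DELETE ON pages TO site_a_admin;
GRANT USAGE ON SEQUENCE pages_id_seq TO site_a_admin;
RESET ROLE;
```

These grants only decide what a role may do once connected; which hosts may reach each database at all is controlled separately in `pg_hba.conf`.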
