- [EMAIL PROTECTED]% (Jim Mercer):
>> It will be yet another safe_mode like feature. i.e.
>> it isn't secure as it sounds. Users with a little knowledge
>> can access backend with socket function. Therefore, I agree
>> with Ilia's opinion.
> the concept here is security, and i recognize that part
On Fri, Sep 27, 2002 at 10:50:08AM +0900, Yasuo Ohgaki wrote:
> Ilia A. wrote:
> >list think of this patch. I merely try to explain why I believe this
> >particular patch is not appropriate for standard PHP distribution.
>
> It will be yet another safe_mode like feature. i.e.
> it isn't secure a
On Thu, Sep 26, 2002 at 09:00:17PM -0400, Ilia A. wrote:
> It is not a job of the programming language to implement system, database
> security. This is simply not done. If you want to secure your PostgreSQL more
> so that you can with the current tools, the people you should be talking to
> ar
Ilia A. wrote:
> list think of this patch. I merely try to explain why I believe this
> particular patch is not appropriate for standard PHP distribution.
It will be yet another safe_mode like feature. i.e.
it isn't secure as it sounds. Users with a little knowledge
can access backend with socke
On Thu, Sep 26, 2002 at 09:31:44PM -0400, Ilia A. wrote:
> > PHP is full of tweaks and hacks specifically to augment and make easier the
> > job of the people using it.
>
> The only simular hack I can imagine you are referring to is safe_mode, which
> is a very ugly thing that was only implement
On September 26, 2002 08:48 pm, Jim Mercer wrote:
> On Thu, Sep 26, 2002 at 09:00:17PM -0400, Ilia A. wrote:
> > It is not a job of the programming language to implement system, database
> > security. This is simply not done. If you want to secure your PostgreSQL
> > more so that you can with the
On Thu, Sep 26, 2002 at 08:01:29PM -0400, Dan Kalowsky wrote:
> On Thursday, September 26, 2002, at 06:36 PM, Jon Parise wrote:
> >Isn't it generally better (where "better" means more secure,
> >efficient, and easily maintained) to handle database access control
> >using PostgreSQL's native access
On Thursday, September 26, 2002, at 06:36 PM, Jon Parise wrote:
> Isn't it generally better (where "better" means more secure,
> efficient, and easily maintained) to handle database access control
> using PostgreSQL's native access mappings?
>
Yep. Thus why it was created :)
>-
From: Jon Parise
> Isn't it generally better (where "better" means more secure,
> efficient, and easily maintained) to handle database access
> control using PostgreSQL's native access mappings?
I would think so, and IMHO, that's where pgsql access control
belongs, with pgsql.
Regards
Mike Ro
On Thu, Sep 26, 2002 at 02:15:52PM -0400, Jim Mercer wrote:
> this patch adds the config variable pgsql.allowed_dblist
[snip]
> although it can be accomplished by other means, setting the variable to a
> value of ":" effectively locks the code out of pgsql.
Isn't it generally better (where "
10 matches
Mail list logo
