I'm in charge of implementing *the* company database. This
database (pgsql) stores information that the whole company is meant to
see and will eventually store private information like social security
numbers and pay rates.

Problem 1

The server that the database and scripts are stored on is being used
for other purposes and many employees at the company will have shell
access to the server. So I need to protect my script with the database
username and password in it from other users. I know the easy way to do
this is to set the permissions on my files to 660 and set the group of
all the files to apache. And then add all my developers to the apache
group.

However, that solution bugs me. So I thought I would ask what other
people did. I'm thinking that rather than use the apache group I will
use another group for my developers and then just give apache read
access with ACLs, but I have never used ACLs before so I'm not sure if
that is a good solution.

Problem 2

I have data in the database that everyone needs access to and other
data that needs to be restricted. So I have names, phone numbers and
social security numbers. I may want to give certain pgsql accounts and
scripts access to a person's name and phone number but not that person's
social security number. Should I create a separate table with a
one-to-one relation to store the private information? Then I can set
privileges on each table, or is there a better way to do this?

I hope some of that makes sense.

Kyle
--
no amount of fear can stop the rise of free media, or free software (they are
the same, after all)
Jonathan Swartz
CEO Sun Microsystems
_______________________________________________
UPHPU mailing list
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
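
The table split described under problem 2, written out for PostgreSQL as an added example that is not part of the original post. The table, column and role names and the sample row are constructed, and the script assumes it is run by a superuser in a scratch database.

```sql
-- Constructed schema: table, column and role names are assumptions.
BEGIN;

CREATE ROLE directory_app NOLOGIN;  -- scripts that only need contact data
CREATE ROLE payroll_app   NOLOGIN;  -- scripts allowed to read private data

CREATE TABLE employee (
    employee_id serial PRIMARY KEY,
    name        text NOT NULL,
    phone       text
);

-- One-to-one: the primary key is also the foreign key, so each employee
-- can have at most one private row.
CREATE TABLE employee_private (
    employee_id integer PRIMARY KEY
                REFERENCES employee (employee_id) ON DELETE CASCADE,
    ssn         text NOT NULL,
    pay_rate    numeric(10,2)
);

-- New tables grant nothing to PUBLIC by default; the REVOKE makes that
-- explicit before privileges are handed out per table.
REVOKE ALL ON employee, employee_private FROM PUBLIC;
GRANT SELECT ON employee TO directory_app;
GRANT SELECT ON employee, employee_private TO payroll_app;

INSERT INTO employee (name, phone) VALUES ('Sample Person', '555-0100');
INSERT INTO employee_private (employee_id, ssn, pay_rate)
VALUES (currval('employee_employee_id_seq'), '000-00-0000', 20.00);

-- Check the effective privileges without connecting as each role.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'employee', 'SELECT')         AS sees_contact,
       has_table_privilege(r.rolname, 'employee_private', 'SELECT') AS sees_private
FROM pg_roles r
WHERE r.rolname IN ('directory_app', 'payroll_app');

-- Acting as the restricted role: the first query returns the row, the
-- second fails with "permission denied for table employee_private".
SET LOCAL ROLE directory_app;
SELECT name, phone FROM employee;
SAVEPOINT before_denied;
SELECT ssn FROM employee_private;
ROLLBACK TO SAVEPOINT before_denied;

ROLLBACK;  -- discard the demo roles, tables and row
```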