On Mon, 16 Aug 2004 19:41:17 -0500 "Todd Lewis" <lewis-todd@xxxxxxxxxxx> sat
down, thought long and then wrote:
> Just a followup question.
>
> I'm fairly new to using PHP and pg. Security wise how could I limit a request
> such as this? I'm assuming that if you have given a PHP user the ability to
> create tables, the user also has the ability to truncate and delete tables as
> well.
>
A database user has not much in common with a PHP user (or a UNIX- or other
system user). The tables will be created with the database user you have
connected with (if you use authentication other than trust or ident, see
pg_hba.conf for details).
So if you create tables within PHP, you create them as the connecting database
user, and of course the creator may destroy them as well.
But if you have a database, in which the tables are owned by user A and you
connect with user B, user B may create tables owned by himself, but usually may
not drop tables owned by user A, if he has not explicitly been granted so.
What I do is: I have a database, in which all tables are owned by user A (a
superuser) and user B (the PHP connecting user) has the right to read, write,
update the tables, so he can work with them. But user B is not able to drop a
table of user A. User B, however, is allowed to create and drop his own tables,
if he likes.
If you connect every PHP user as a different database user, no database user is
able (if not explicitly granted) to drop other users´ tables. If not granted so,
he is not even able to touch them (he could see their existence, however).
Regards,
--
Frank Finner
Memory follows memory, memory defeats memory; some things are banished
only into the realms of our rich imaginings - but this does not mean
that they do not or cannot or will not exist - they exist! They exist!
(M. Moorcock, "The Revenge Of The Rose")
