Search Postgresql Archives

Re: Disable executing external commands from psql?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Ken Tanzer (ken.tanzer@xxxxxxxxx) wrote:
> OK one more question on this thread.  It occurs to me that for the web  
> app, DB username and password is read from a configuration file.  (I  
> understand this to be a common method for web applications.)  But since  
> apache needs to read the file, then all users can read each others'  
> passwords.  Arrghh.  I'm just wondering how web hosters typically deal  
> with this issue (or is your info for, say, Wordpress exposed to other  
> users if they know where to look for it?)  Sorry if this is too 
> off-topic...

Have the username/password for each user site passed through
environment variables which are in the apache config file for the
virtual site they have access to the web root of.  Then deny access to
the apache config files (the users don't really need access to it
anyway, and neither does www-data; apache will read them as root during
startup).

	Thanks,

		Stephen

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux