
January 2nd, 2003, 05:20 AM
|
|
|
Hi,
I came to this forum to post a similar question, so I will add to this thread. In reply to your first point, I can only su to postgres from root which I think is OK.
In order to get a PHP script to connect to a database, I had to set up "wwwrun" (the user that apache runs as on my system) as a user for postgres, using the "createuser" command, then grant permissions for this user.
But what worries me is, as you said, there is no password, so what is to stop anyone connecting to this database from a remote machine as the user "wwwrun"? I also couldn't define the host making the connection when granting permissions as you can in MySQL ( GRANT ..... TO user@localhost .....).
So - should I set a password for wwwrun? There must be a standard way making a connection in a secure way - could someone please point me in the right direction?
Hope this is some help to you - I found this tutorial helpful:
http://www-it.hive.no/database/pgsq...rial/intro.html
|