#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Posts
    1
    Rep Power
    0

    creating postgresql users through cgi scripts


    Hi all
    I'm attempting to write a perl script that allows one to create a postgresql user with his/her password from their input on an html form. I am having trouble writing the system calls in perl, particularly inputting the password text when postgresql requests the password for a username. I have given the user apache priveleges to create new users in postgresql but i still end up getting internal server errors. If you have any suggestions let me know

    #!/usr/bin/perl -w
    use Pg;
    use DBI;
    use CGI qw/:standard/;
    use strict;
    print "Content-type: text/html\n\n";
    my $q = new CGI;
    my $INPUT = $q->Vars;

    #data taken from the form
    my $username = $INPUT->{username};
    my $password = $INPUT->{password};

    #make a user
    system("createuser -d -a -P -E $username");
    system("$password");#not sure about these two lines
    system("$password");# (retype password)
  2. #2
  3. No Profile Picture
    Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 1999
    Location
    Niagara Falls (On the wrong side of the gorge)
    Posts
    3,237
    Rep Power
    19
    You'd be better off connecting to the postmaster directly via DBI or DBD::Pg and issuing a CREATE USER query.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    373
    Rep Power
    12
    I'm guessing that if you have pl/perl on your system then you could write those create user parts based on perl variables. I know to include non-standard perl modules you have to have installed it as an untrusted language.

    here we are from the manual:

    Sometimes it is desirable to write Perl functions that are not restricted --- for example, one might want a Perl function that sends mail. To handle these cases, PL/Perl can also be installed as an "untrusted" language (usually named plperlu). In this case the full Perl language is available. The writer of a PL/PerlU function must take care that the function cannot be used to do anything unwanted, since it will be able to do anything that could be done by a user logged in as the database administrator. Note that the database system allows only database superusers to create functions in untrusted languages.

    so from what I gather I think you could create that function inside the database, then you would run it with arguments of who the user is to create, then you could execute the function using one line in a perl cgi program that would be a call to psql with -host and user and the command (calling your function)... you as the person who is executing the program would be able to just use the postgres account or whatever your account to write the command in there. The perl source is hidden from the HTML browser only the generated HTML is visible.

IMN logo majestic logo threadwatch logo seochat tools logo