httpd-users mailing list archives

From "D'Arcy J.M. Cain" <da...@Vex.Net>
Subject Re: [users@httpd] Using PostgreSQL auth - user permissions
Date Thu, 28 Feb 2013 19:20:28 GMT
On Thu, 28 Feb 2013 17:02:37 +0000
Tom Evans <tevans.uk@googlemail.com> wrote:
> >> I think the password for the user that connects to the DB should
> >> also be declared here like:
> >
> > I have two problems with that.  I don't know all of my users'
> > passwords and I don't want to store clear text passwords in the
> > configs.
> 
> I think you're going to have great difficulties getting Apache to
> query a database you cannot supply the credentials for.

Well, it already does that just fine with identd.  The user scripts,
running as the user thanks to suExec, open and query their own database
just fine.  It's only the dbd auth that doesn't work.

> Can you not create a specific role user that can access each user's

You mean a superuser account?

> DB. That way, you would not need to specify their password in the conf
> file, just your role user's password. The conf file can also be only
> readable by root for on disk security.

Config files are managed with SVN so copies sit around in many places.

I am just a little disappointed that Apache goes through all the
trouble of supplying suExec and locking it down so well and yet it
still requires that I store passwords on disk or make passwords (even
encrypted) world readable. Similar issue with mod_php.  Even though the
site runs as the user, mod_php still runs as nobody so data files need
to be world writable.

-- 
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@Vex.Net
Voip: sip:darcy@Vex.Net
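
An added example, not part of the original message or of Apache httpd: a small check for the two exposures discussed in this thread, a database password written into `DBDParams` and a config file readable beyond its owner. The sample config, role name and database name are constructed, and `audit`, `audit_file` and `conninfo` are hypothetical helper names.

```python
import os
import re
import shlex
import stat

# Apache directive names are case-insensitive; commented-out lines do not match.
DBDPARAMS = re.compile(r"^\s*DBDParams\s+(.+?)\s*$", re.IGNORECASE)

# Constructed sample config (names and password are made up for this example).
SAMPLE = """\
DBDriver pgsql
# DBDParams "password=old"
DBDParams "host=localhost dbname=webauth user=httpd_auth password='s3cret pw'"
AuthDBDUserPWQuery "SELECT password FROM authn WHERE username = %s"
"""

def conninfo(arg):
    """Parse a DBDParams argument into libpq-style key=value pairs."""
    try:
        inner = " ".join(shlex.split(arg))   # strip Apache's outer quoting
        tokens = shlex.split(inner)          # then split k=v, honouring '...'
    except ValueError:                       # unbalanced quotes: be conservative
        return {"password": "?"} if "password=" in arg.lower() else {}
    return {k.lower(): v for k, v in
            (t.split("=", 1) for t in tokens if "=" in t)}

def audit(text, mode):
    """Return (line_number, message) findings; line 0 refers to the file itself."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = DBDPARAMS.match(line)
        if m and conninfo(m.group(1)).get("password"):
            findings.append((n, "DBDParams carries a clear-text password"))
    # Permissions only matter here when the file actually holds a secret.
    if findings and mode & 0o077:
        findings.append((0, "config holding a DB password has mode %04o" % mode))
    return findings

def audit_file(path):
    """Run audit() on a config file using its real permission bits."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit(fh.read(), mode)

if __name__ == "__main__":
    for lineno, msg in audit(SAMPLE, 0o644):
        print(lineno, msg)
```

A file that passes this check can still leak through version-control working copies, which file permissions on the server do not cover.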
