[Dbconfig-common-devel] Re: Best practice for allowing access to a
postgres db
Martin Pitt
mpitt at debian.org
Sat Oct 1 14:05:55 UTC 2005
Hi again,

For reference, this is my current spec:

  pg_add_hba [options] yourwebappdb yourwebappuser
  pg_test_hba [options] yourwebappdb yourwebappuser
  pg_remove_hba [options] yourwebappdb yourwebappuser

Options:
  --cluster: self-explanatory, defaults to default cluster
  --ip: IP and netmask for host socket; if not given, defaults to Unix
    socket (local)
  --method: defaults to "md5" for TCP connections, and "ident" for
    Unix socket connections
  --force-ssl: If given, create a "hostssl" entry, otherwise a "host"
    entry

For pg_remove_hba, only --cluster is allowed; it will remove all hba
entries that refer to the given db/user pair. pg_test_hba checks whether the
given connection is allowed; if so, it exits with 0, otherwise it prints the
required pg_hba.conf line to stdout and exits with 1. If pg_hba.conf has a
scrambled format that cannot be parsed by pg_*_hba, the scripts exit with 2.

Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org
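
The pg_test_hba contract described in the message above (exit 0, 1 with the required line, or 2), sketched in Python as an added example; it is not part of the original message and not postgresql-common code. The names `parse_hba`, `check_hba` and `SAMPLE_HBA` are hypothetical, the sample file is constructed, and "allowed" is assumed to mean that the first matching record has the requested type and method.

```python
import ipaddress

# Added example. Assumed simplifications: CIDR addresses only, and plain
# names or "all" in the database/user columns. Constructed sample file:
SAMPLE_HBA = """\
local   all     postgres                 ident
host    webdb   webuser  10.0.0.0/8      reject
host    webdb   webuser  10.1.2.0/24     md5
hostssl shopdb  shopuser 192.0.2.0/24    md5
"""

def parse_hba(text):
    """Parse into (type, dbs, users, network, method); ValueError if unparseable."""
    records = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local" and len(fields) >= 4:
            net, method = None, fields[3]
        elif fields[0] in ("host", "hostssl", "hostnossl") and len(fields) >= 5:
            net, method = ipaddress.ip_network(fields[3], strict=False), fields[4]
        else:
            raise ValueError("unparseable line: " + raw)
        records.append((fields[0], fields[1].split(","), fields[2].split(","), net, method))
    return records

def check_hba(text, db, user, ip=None, method=None, force_ssl=False):
    """Return (exit_code, required_line): 0 allowed, 1 missing, 2 unparseable."""
    kind = "local" if ip is None else ("hostssl" if force_ssl else "host")
    method = method or ("ident" if ip is None else "md5")
    want = ipaddress.ip_network(ip, strict=False) if ip else None
    needed = " ".join(f for f in (kind, db, user, ip, method) if f)
    try:
        records = parse_hba(text)
    except ValueError:
        return 2, None
    for rkind, dbs, users, net, rmethod in records:
        if rkind not in ({"local"} if ip is None else {"host", kind}):
            continue
        if not {db, "all"} & set(dbs) or not {user, "all"} & set(users):
            continue
        if net is not None and (net.version != want.version or not want.subnet_of(net)):
            continue
        # First match decides (no fall-through); a plain "host" record does
        # not satisfy a --force-ssl request because it also admits non-SSL.
        return (0, None) if (rkind, rmethod) == (kind, method) else (1, needed)
    return 1, needed
```

In the sample, the `reject` record for 10.0.0.0/8 comes before the `md5` record for 10.1.2.0/24, so the later entry is never reached and the check reports the connection as not allowed.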