[SL] Re: pgsql connection type, users, auth

  • From: Richard Hector <rhector@xxxxxxxxxxxxxxx>
  • To: sql-ledger-users@xxxxxxxxxxxxxx
  • Date: Sun, 13 Apr 2003 22:09:29 +1200

On Sun, Apr 13, 2003 at 10:18:23AM +0800, summer@xxxxxxxxxxxxxxxxxxxxxxx wrote:
> 
> On Sun, 13 Apr 2003, Richard Hector wrote:
> 
> > 
> > Apologies if this is a repost, though I think the old one got blocked.
> > 
> > I'm getting confused.
> > 
> > In the FAQ, it says to use this line in pg_hba.conf:
> > local  all  trust
> > 
> > which I understand refers to unix socket-based connections.
> > 
> > But in the Debian instructions, it says to set
> > 
> > TCPIP_SOCKET = 1
> > 
> > in postgresql.conf.
> > 
> > Don't these two contradict? Or at least, if one is relevant, the other 
> > isn't?
> 
> TCPIP_SOCKET=1 allows TCP/IP connections - that is, connections from the
> network.

Yes, that's my point. Surely SL doesn't need to use both network connections
_and_ unix sockets? So why require both to be enabled?

Once I figure out properly which SL needs, I'll have a better idea of what I
need in my pg_hba.conf.

> > And if I'm using trust, doesn't that render anyone able to log in to SL?
> 
> You are betting that nobody can gain access to your database server.
> 
> I prefer passwords.

My thought too. But I gather it has to be the plain text password; crypt &
md5 don't work, right?

> > Do I need to create each user with createuser (CREATE USER) before adding
> > them to SL?
> 
> Your web application (sl in this case) can be the user and do its own
> validation. You could create a user (sl) with a password (slsecret) and
> have sl login with these credentials.

So you suggest that everyone uses the same DB user name, rather than having
one each? My impression from reading the docs was that at least the database
owner shouldn't be used on a regular basis. But maybe I misinterpreted it.

> Take a look at this on your system:
> [toot@gw local]# cat sql-ledger/users/members | sed -e 's/=.*/=/'

It's a bit empty at the moment; I deleted the users I'd created. But I'll keep
an eye on it when I put them back in. I take it that sed was just to hide the
passwords from the list?

Many thanks,

Richard
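
Added example, not part of the original message or of SQL-Ledger: a small Python check for the concern raised in this thread, listing which pg_hba.conf rules authenticate with trust and whether they apply to the unix socket or to TCP/IP. The sample file, the database name sl_db and the function names are constructed for illustration. Locating the method by keyword is a heuristic assumed here so that both the three-field "local all trust" form quoted above and later layouts with a user column are handled; a user literally named after a method would confuse it.

```python
# Added example: flag pg_hba.conf entries that authenticate with "trust".
# Heuristic (assumption): the auth method is the first known method keyword
# found after the connection-type and database columns.

METHODS = {"trust", "reject", "password", "crypt", "md5", "ident",
           "krb4", "krb5", "pam", "peer", "gss", "sspi", "ldap",
           "radius", "cert", "scram-sha-256"}
TYPES = {"local", "host", "hostssl", "hostnossl"}

# Constructed sample, not taken from any real system.
SAMPLE = """\
# TYPE  DATABASE  [ADDRESS MASK]  METHOD
local   all       trust
host    all       127.0.0.1    255.255.255.255  password
host    sl_db     192.168.1.0  255.255.255.0    trust   # constructed
"""

def parse_hba(text):
    """Yield (line_no, conn_type, database, method) for each rule line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 3 or fields[0] not in TYPES:
            continue                            # blank, comment or unknown
        method = next((f for f in fields[2:] if f in METHODS), None)
        yield line_no, fields[0], fields[1], method

def trust_findings(text):
    """Return rules that admit a client without any credential check."""
    findings = []
    for line_no, conn_type, database, method in parse_hba(text):
        if method == "trust":
            scope = "unix socket" if conn_type == "local" else "TCP/IP"
            findings.append((line_no, scope, database))
    return findings

if __name__ == "__main__":
    for line_no, scope, database in trust_findings(SAMPLE):
        print(f"line {line_no}: trust over {scope} for database {database!r}")
```
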

