|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2000-08-23 08:59 UTC] sniper@php.net
[2000-08-23 19:15 UTC] jah@php.net
[2000-11-02 23:45 UTC] ronabop@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2026 The PHP GroupAll rights reserved. |
Last updated: Wed Jun 17 04:00:01 2026 UTC |
Functions pg_connect() and pg_pconnect() always connect to the PostgreSQL database with the user ID of the httpd server process. There is no way to set the user ID from PHP script, although Postgres connection protocol allows setting of username and password. This raises some security issues, because granting of access rights for database objects can't be properly imposed (user that httpd runs as has to have all rights to all database objects which PHP script must access). In the libpq library there are two database connection functions: PQsetdb() and PQsetdbLogin() with prototypes as: PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd) PGconn *PQsetdb(char *pghost, char *pgport, char *pgoptions, char *pgtty, char *dbName) The Postgres programming manual states that PQsetdb() is only a macro that calls PQsetdbLogin() with null pointers for the login and pwd parameters, and that it is provided primarily for backward compatibility with old programs!!! I looked up pgsql.c module a little bit, and I noticed that it still uses old PQsetdb() function, which not only might soon be obsolete, but does not allow for user and password for database connection to be set programmatically. I think that this issue should be addressed as soon as possible. I would do it myself, but I'm not that comfortable with C/C++ programming.