From: | "BARTKO Zoltan" <bartko(dot)zoltan(at)pobox(dot)sk> |
---|---|
To: | <btober(at)computer(dot)org>, <shridhar(at)frodo(dot)hserus(dot)net> |
Cc: | <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Securing a db app - RFC |
Date: | 2004-06-02 15:53:52 |
Message-ID: | 002d01c448b9$ce0e2680$0e5d10ac@antik.org |
Lists: | pgsql-general |
Berend, Shridhar, et al.,
see lower
----- Original Message -----
From: <btober(at)computer(dot)org>
To: <shridhar(at)frodo(dot)hserus(dot)net>
Cc: <bartko(dot)zoltan(at)pobox(dot)sk>; <pgsql-general(at)postgresql(dot)org>
Sent: Wednesday, June 02, 2004 2:28 PM
Subject: Re: [GENERAL] Securing a db app - RFC
>
> > On Wednesday 02 June 2004 02:04, BARTKO Zoltan wrote:
> >> I would appreciate anyone wiser than me to comment on the following:
> >>
> >> I am making an app for PostgreSQL (the server). The clients are
> >> connecting through the same single user. ...
> >>
> >> If I want to access a function (like do this or that with data), I
> >> use a stored function and pass the id# of the user plus all the
> >> necessary things. First, I check if the person is authorized to carry
> >> out the operation. If so, the operation is performed.
> >>
> >> There are users, who are administrators. Thus, they are allowed to do
> >> anything.
> >>
> > You can probably use set session authorization. Here are some brief
> > steps.
> >
> > 1. Convert all your users as postgresql database users
>
>
> If he's going to do this, why bother with hard-coding a single user id
> and password in the application -- why not have the user log in as their
> defined PostgreSQL user, and let the database handle all the security
> and permission issues?
>
Now my problem is that I have audit trails in the DB. I need to make it so
that the admin would just revive a deleted user any time he wishes to do
so. Tell me if my comprehension is limited.
Thanks
Zoltan
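
Added example, not part of the original message or thread: one way to keep audit trails valid when each person is a PostgreSQL role is to mark the user deleted and block login instead of dropping the role, so an administrator can revive the user later. It assumes a current PostgreSQL release and users who log in as their own role; the table, column and function names are hypothetical.

```sql
-- Constructed example; app_user, audit_log and set_user_deleted are hypothetical names.
CREATE TABLE app_user (
    id         serial PRIMARY KEY,
    db_role    name NOT NULL UNIQUE,        -- PostgreSQL role the person logs in as
    is_admin   boolean NOT NULL DEFAULT false,
    deleted_at timestamptz                  -- NULL = active; rows are never removed
);

CREATE TABLE audit_log (
    id        bigserial PRIMARY KEY,
    actor_id  integer NOT NULL REFERENCES app_user(id),
    action    text NOT NULL,
    logged_at timestamptz NOT NULL DEFAULT now()
);

-- Soft-delete or revive a user. SECURITY DEFINER runs it with the owner's
-- rights, so ordinary roles need no direct privileges on the tables. The owner
-- is assumed to be permitted to ALTER the target roles.
CREATE FUNCTION set_user_deleted(target name, make_deleted boolean)
RETURNS void LANGUAGE plpgsql SECURITY DEFINER
SET search_path = public, pg_temp
AS $$
DECLARE
    actor integer;
BEGIN
    -- session_user is the login role (or the one chosen with SET SESSION
    -- AUTHORIZATION); SECURITY DEFINER does not change it.
    SELECT id INTO actor
      FROM app_user
     WHERE db_role = session_user AND is_admin AND deleted_at IS NULL;
    IF actor IS NULL THEN
        RAISE EXCEPTION 'only an active administrator may delete or revive users';
    END IF;

    UPDATE app_user
       SET deleted_at = CASE WHEN make_deleted THEN now() END
     WHERE db_role = target;
    IF NOT FOUND THEN
        RAISE EXCEPTION 'unknown user %', target;
    END IF;

    -- Block or restore login without dropping the role, so audit rows stay valid.
    EXECUTE format('ALTER ROLE %I %s', target,
                   CASE WHEN make_deleted THEN 'NOLOGIN' ELSE 'LOGIN' END);
    INSERT INTO audit_log (actor_id, action)
    VALUES (actor, format('%s user %s',
            CASE WHEN make_deleted THEN 'deleted' ELSE 'revived' END, target));
END;
$$;
```

NOLOGIN only blocks new connections as that role; a session switched with SET SESSION AUTHORIZATION is not stopped by it, so functions in that design must also test `deleted_at`.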