Re: Client/Server Security question

Lonnie Cumberland [lonnie_cumberland(at)yahoo(dot)com] wrote:

> In the interest of security, I am wondering if it is possible to turn off some
> of the functions in the SQL command list such that a user can only communicate
> to the database through our functions.

I suggest using a specialised SQL Proxy on the entry gateway that allows
only a certain set of SQL functions from one host and relays the to the
DB inside. This ensures that possibly dangerous commands like 'DROP' or
'CREATE USER' will never reach the DB regardless of the permissions of
the username used by the proxy.

I don't know of any existing (postgre-)sql proxy solutions yet, though.

> but I only want to allow an outside
> query to only one or two of our selected entry points.

Set appropiate packet filtering rules on both the webserver and the
entry point(s).

HTH,
Hauke

--
Hauke Lampe - TUCCO - The Universal Communication Company
http://www.tucco.de - fon: +49-40-65777-510, fax: +40-40-65777-250