From: | Konstantinos Agouros <elwood(at)agouros(dot)de> |
---|---|
To: | Doug McNaught <doug(at)wireboard(dot)com> |
Cc: | Konstantinos Agouros <elwood(at)agouros(dot)de>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: General Security-Question |
Date: | 2001-06-18 21:06:03 |
Message-ID: | 20010618230602.A31247@rumba.agouros.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Mon, Jun 18, 2001 at 05:02:45PM -0400, Doug McNaught wrote:
> elwood(at)agouros(dot)de (Konstantinos Agouros) writes:
>
> > can I stop people from updating the data of the others. The one
> > thing that came to my mind was not creating database-users but
> > instead use a static user, and let the application handle the logic
> > who can access which lines in the database (its also a matter of
> > dataprivacy, one should be allowed to watch one's own data but not
> > of the others, the team-manager should see the data of the team
> > etc). The read-access can be implemented using views but I don't
> > see much other way for data-entry. Somebody has an idea?
>
> Honestly, I think the best way to do this is to create a Java class
> (or classes) that implements all your business logic on the server
> side, then have the applet make RMI calls into that API. You can pass
> the applet a random cookie when it's created, and have the applet pass
> that back as part of the RMI call, and then check in the server logic
> to see whether the user is trying any funny stuff (like trying to see
> or modify someone else's data).
>
> Make sense?
That way I could bind the postgres-master zu 127.0.0.1 that might work though.
My Problem is, that if I would use a regular applet/jdbc-connection the post-
master has to listen on the real network address and if I create normal db-
accounts, everybody could call psql and that is what I want to avoid. But I
guess I go with the Static-ID-Part since it is easier to implement \:)
Konstantin
--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood(at)agouros(dot)de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not sustain the forming of the cosmos." B'Elana Torres
From | Date | Subject | |
---|---|---|---|
Next Message | Doug McNaught | 2001-06-18 21:10:28 | Re: General Security-Question |
Previous Message | Doug McNaught | 2001-06-18 21:02:45 | Re: General Security-Question |