| From: | "Jim C(dot) Nasby" <jim(at)nasby(dot)net> |
|---|---|
| To: | Josh Berkus <josh(at)agliodbs(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: RFC: Security documentation |
| Date: | 2004-02-11 17:46:24 |
| Message-ID: | 20040211174624.GC32360@nasby.net |
| Lists: | pgsql-hackers |
On Sun, Feb 08, 2004 at 11:24:56PM -0800, Josh Berkus wrote:
> The problem with this approach, of course, is that large application
> developers generally like to make the database fairly "passive" and put all
> business & security logic in the middleware. I do think it would be useful
> for them to realize that they are sacrificing a significant portion of their
> data security by doing so.

Perhaps what would be best is some kind of a 'best practices' guide.
There's far more that people should consider beyond just quoting
strings; Josh's example is just one thing.

If written carefully, such a guide could serve both experienced DBAs as
well as people who are very new to databases, since every database has
its own preferred way of doing things.
--
Jim C. Nasby, Database Consultant jim(at)nasby(dot)net
Member: Triangle Fraternity, Sports Car Club of America
Give your computer some brain candy! www.distributed.net Team #1828
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"