From: | Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: HIPPA (was Re: Anyone know ...) |
Date: | 2007-03-09 16:45:28 |
Message-ID: | 20070309164528.GK4883@merkur.hilbert.loc |
Lists: | pgsql-general |
On Fri, Mar 09, 2007 at 11:02:45AM -0500, Kenneth Downs wrote:
> >>First, security is defined directly in terms of tables, it is not
> >>arbitrated by code. The "public" group has SELECT access to the
> >>articles table and the schedules tables, that's it. If a person figures
> >>out how our links work and tries to access the "claims" table it will
> >>simply come up blank (and we get an email).
>
> If a user has not logged in, that is, if they are an anonymous visitor,
> the web framework will connect to the database as the default "public"
> user. Our system is deny-by-default, so this user cannot actually read
> from any table unless specifically granted permission. In the case
> being discussed, the public user is given SELECT permission on some
> columns of the insurance carriers table, and on the schedules table.
>
> The column-level security is important, as you don't want anybody seeing
> the provider id!
>
> If the user figures out our URL scheme, they might try something like
> "?gp_page=patients" and say "Wow I'm clever I'm going to look at the
> patients table", except that the public user has no privilege on the
> table. The db server will throw a permission denied error.

My interest was more towards the "we get an email" part.
What level do you send that from? A trigger?

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
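
The deny-by-default setup with column-level grants described in the quoted text, as an added example that is not part of the original thread or either poster's code. It assumes PostgreSQL 8.4 or later (which supports column-level GRANT), a scratch database and a superuser session; the role name `web_anon` and all table and column names are hypothetical.

```sql
-- Added example. Role, table and column names are constructed assumptions.
BEGIN;

CREATE TABLE carriers  (carrier_id int PRIMARY KEY, name text, phone text, provider_id text);
CREATE TABLE schedules (schedule_id int PRIMARY KEY, carrier_id int REFERENCES carriers, opens time, closes time);
CREATE TABLE patients  (patient_id int PRIMARY KEY, full_name text, dob date);
INSERT INTO carriers VALUES (1, 'Example Mutual', '555-0100', 'PRV-0001');  -- constructed row

-- Role the web framework connects as for anonymous visitors (hypothetical name).
CREATE ROLE web_anon LOGIN;

-- Deny by default: make sure nothing is reachable through the PUBLIC pseudo-role,
-- so every readable object has to be granted explicitly.
REVOKE ALL ON carriers, schedules, patients FROM PUBLIC;

-- Column-level grant on carriers: provider_id is deliberately left out.
GRANT SELECT (carrier_id, name, phone) ON carriers TO web_anon;
GRANT SELECT ON schedules TO web_anon;

-- Audit: list exactly which columns the anonymous role can read.
SELECT table_name, column_name, privilege_type
FROM information_schema.column_privileges
WHERE grantee = 'web_anon'
ORDER BY table_name, column_name;

-- Exercise the grants as the anonymous role.
SET LOCAL ROLE web_anon;
SELECT carrier_id, name, phone FROM carriers;   -- permitted columns only

SAVEPOINT probe;
SELECT provider_id FROM carriers;               -- rejected: column was never granted
ROLLBACK TO probe;
SELECT * FROM patients;                         -- rejected: no privilege on the table
ROLLBACK TO probe;

RESET ROLE;
ROLLBACK;  -- discard the scratch objects and the role
```

Note that `SELECT * FROM carriers` is also rejected for `web_anon`, because `*` expands to include the ungranted `provider_id` column.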