| From: | "Saleem EDAH-TALLY" <nmset(at)netcourrier(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: postgresql.key secure storage |
| Date: | 2009-09-13 13:40:38 |
| Message-ID: | 200909131540.38506.nmset@netcourrier.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
>A user must have the TRUNCATE privilege to truncate a table or be the
>tables owner.
Well the TRUNCATE example I mentioned is perhaps not explicit of what I meant
to say. A user who can modify data in a client application can also modify
data if he connects directly to the database, bypassing the client
application, with commands like 'UPDATE tbl SET col = value' Even if a few
rows are concerned, data is yet inconsistent. The only way to prevent this is
by preventing a direct access to the sever via a client like psql for example.
With or without use of SSL, it is not possible, unless I'm missing something.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rajesh Kumar Mallah | 2009-09-13 15:04:07 | schema proxying virtual database |
| Previous Message | Alban Hertroys | 2009-09-13 12:55:29 | How to match sets? |