From: | "Saleem EDAH-TALLY" <nmset(at)netcourrier(dot)com> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: postgresql.key secure storage |
Date: | 2009-09-13 13:40:38 |
Message-ID: | 200909131540.38506.nmset@netcourrier.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
>A user must have the TRUNCATE privilege to truncate a table or be the
>tables owner.
Well the TRUNCATE example I mentioned is perhaps not explicit of what I meant
to say. A user who can modify data in a client application can also modify
data if he connects directly to the database, bypassing the client
application, with commands like 'UPDATE tbl SET col = value' Even if a few
rows are concerned, data is yet inconsistent. The only way to prevent this is
by preventing a direct access to the sever via a client like psql for example.
With or without use of SSL, it is not possible, unless I'm missing something.
From | Date | Subject | |
---|---|---|---|
Next Message | Rajesh Kumar Mallah | 2009-09-13 15:04:07 | schema proxying virtual database |
Previous Message | Alban Hertroys | 2009-09-13 12:55:29 | How to match sets? |