Re: Advice needed on application/database authentication/authorization/auditing model

From: Peter Bex <Peter(dot)Bex(at)xs4all(dot)nl>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Advice needed on application/database authentication/authorization/auditing model
Date: 2010-10-22 16:27:17
Message-ID: 20101022162717.GE9770@frohike.homeunix.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Fri, Oct 22, 2010 at 08:20:11PM +0400, Dmitriy Igrishin wrote:
> Hey Peter,

Hello Dmitriy,

> > As far as I can see, this would imply either creating views on the
> > <whatever> for every user (or company?), or manually crafting queries
> > to do the same. The latter is of course what most webapps do, and it is
> > a frequent cause of errors and, hence, vulnerabilities.
> >
> Yes, liberal use of views and rules are the best solutions in this case IMO.

Do you know of an open source application that does that so I can see
it in practice?

I'd like to learn how it's done in practice because right now it seems
to me that this would be rather complicated to manage.

Cheers,
Peter
--
http://sjamaan.ath.cx
--
"The process of preparing programs for a digital computer
is especially attractive, not only because it can be economically
and scientifically rewarding, but also because it can be an aesthetic
experience much like composing poetry or music."
-- Donald Knuth

In response to

Browse pgsql-general by date

  From Date Subject
Next Message bricklen 2010-10-22 16:38:34 Re: pg view of table columns needed for scripting
Previous Message Dmitriy Igrishin 2010-10-22 16:20:11 Re: Advice needed on application/database authentication/authorization/auditing model