Re: Connecting remotely - multi tier

From: Greg Speegle <Greg(at)10happythings(dot)com>
To: pgsql-interfaces(at)postgresql(dot)org
Subject: Re: Connecting remotely - multi tier
Date: 2000-11-02 19:42:34
Message-ID: 3A01C3AA.ACF61B2@10happythings.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-interfaces

keke abe wrote:

> Adam Lang wrote:
>
> > Ok... so if I am writing a distributed application in windows that will use
> > a Postgresql backend, I should have the client interface another "server"
> > application, which will inturn access/retrieve informaton from the database?
>
> I'd like to know if this kind of layering is mandatory or not. Is it really
> unacceptable to expose the Posgresql backend to the rest of the world? Is
> there anything that I should be aware of if I let the clients to talk to
> the backend directly.
>
> regards,
> abe

I'd say it is mandatory. You are opening yourself up as an easy target for
hackers if they can go directly to your database. Think about it. If any
hole in the database security is discovered, then your goose is cooked
right away. Getting the database off the web and behind a firewall should
be the least you do. That gives you two levels of protection -- the firewall
and the database.

Plus, on the postgresql side, it is much easier to have one restricted user
account from one specific machine than to try to manage thousands of
dynamically created accounts.

Just my opinion, of course.

Greg Speegle

In response to

Responses

Browse pgsql-interfaces by date

  From Date Subject
Next Message Adam Lang 2000-11-02 19:57:02 Re: Connecting remotely - multi tier
Previous Message Adam Lang 2000-11-02 19:39:11 Re: Connecting remotely - multi tier