Re: Large Project, Integration with existing Oracle and MS SQL

From: Richard Huxton <dev(at)archonet(dot)com>
To: Patrick Carroll <paddy(dot)carroll(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Large Project, Integration with existing Oracle and MS SQL
Date: 2007-07-05 08:55:35
Message-ID: 468CB207.2090501@archonet.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Patrick Carroll wrote:
> There has got to be some persistence, there will be a lot of tables and
> metadata and it may have to handle validation requirements for other apps
> doing secure file transfer and a bespoke secure http proxy and it's
> going to
> be a speculative buffer against protocol based worms crossing into the
> production environment.

OK, in that case I would have:
- one PG database for each Oracle/MSSQL database being transferred
- two users for each database being transferred, one "inside", one "outside"
- each user is only allowed to connect to that database from a pre-set
IP address (via pg_hba.conf)
- lock down the permissions for each user appropriately

If you want to go the procedure/function route to access each DB you can
define your DBs as SECURITY DEFINER for operations that need "superuser"
permissions.

I'd use Perl to hook it all together, but you mentioned jdbc, so
presumably you'll be going for Java.

--
Richard Huxton
Archonet Ltd

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Patrick Carroll 2007-07-05 10:21:28 Re: Large Project, Integration with existing Oracle and MS SQL
Previous Message Patrick Carroll 2007-07-05 08:33:30 Re: Large Project, Integration with existing Oracle and MS SQL