| From: | John R Pierce <pierce(at)hogranch(dot)com> |
|---|---|
| To: | 野村 <nomura(at)ir-alt(dot)co(dot)jp> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: javascript and postgres |
| Date: | 2009-02-24 17:06:37 |
| Message-ID: | 49A4291D.9020207@hogranch.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
野村 wrote:
> Web pages have username and password with basic, digest or ldap
> authorization. So if I createuser with same user and password, and if
> there is md5 or something to encode password, I wonder javascript
> connects to postgres securely.
>
for that to work, irregardless of security aspects, the postgres client
libraries would have to be installed on each web browser system, in a
form that javascript could invoke. However, I've not heard of any
javascript -> postgres bindings suitable for use in a webbrowser context...
Javascript in a webbrowser is running in a sort of sandbox and isn't
supposed to be allowed to make its own network connections, or call
system libraries directly, allowing this would be a gross security flaw
(for instance, a hostile web page could take over a users computer).
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jordi Romagos | 2009-02-24 17:07:07 | Array to IN or UNION |
| Previous Message | Thom Brown | 2009-02-24 16:55:45 | Warm standby failover mechanism |