Re: Disallow access from psql, or allow access only from specific client app

From: John R Pierce <pierce(at)hogranch(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Disallow access from psql, or allow access only from specific client app
Date: 2011-07-25 01:12:02
Message-ID: 4E2CC2E2.7000606@hogranch.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 07/24/11 2:36 PM, Mario Puntin wrote:
>
> Hi everybody:
> I searched the web trying to find an answer to this, but found none. I
> have a postgresql server and a database, and I granted access to some
> users.
> However I want them to access the data only through some specific
> client application. I do not want them to have access through psql or
> some other kind of client app. But, as I created them a user/pass they
> could use them.
> What would you do?
> Thanks in advance.
>

I would put ALL the database access in a webservice, running on a
secured server, which their client program accesses and ONLY that
webservice has the access credentials to connect to the database.

so, the user runs a client program, it has credentials to connect to
this webservice (tomcat, or whatever), but no direct access to the
database at all. the user's workstations are flat denied any access to
the database even if they did have the credentials.

the webservice has all the business logic that queries the database.
so if the client app needs to edit a customer record, for example, it
makes a remote procedure call to the webservice
"EditClientRecord(....)", and that in turn connects to SQL and does the
dirty work.

--
john r pierce N 37, W 122
santa cruz ca mid-left coast

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Yan Chunlu 2011-07-25 01:56:23 Re: streaming replication does not work across datacenter with 20ms latency?
Previous Message Craig Ringer 2011-07-24 23:13:26 Re: Disallow access from psql, or allow access only from specific client app