From: | Sim Zacks <sim(at)compulab(dot)co(dot)il> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Security setup. |
Date: | 2011-09-11 07:44:33 |
Message-ID: | 4E6C66E1.6050305@compulab.co.il |
Lists: | pgsql-general |

The problem with trust is that it means that any user can type in any
other user's login name and get access without knowing his password. Even
if your app is the only access point to the database, you still have to
worry about a user installing psql or another client onto his desktop and
accessing the database directly.

If your application is logging in, you still don't want to use trust
because you can put the password into the application. The level of
security that you require will depend a lot on the application
infrastructure. For example, if you are using an application server then
you can limit access of the database to the IP address of the app server
and the DBA's computer. That way you don't have to worry about anybody
installing a rogue client.

Sim

On 09/10/2011 10:42 PM, mgould(at)isstrucksoftware(dot)net wrote:
>
> We have a very solid security appliance which sits in front of our
> domain controller. All traffic from our users is also controlled via
> a citrix login and they only have access to the published apps, no
> desktops.
>
> We have been thinking of using trust as our security method. If we
> decide to use this will we be required to enter the users into the
> database?
>
> The other option might be using SSL and entering in the users to the
> db. We still have to build internal security tables which handle
> procedure and data level security so pushing the login to the database
> isn't that big of a deal.
>
> Michael Gould
> Intermodal Software Solutions, LLC
> 904-226-0978
>
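
The restriction described in the reply above, as an added example that is not part of the original thread: a small Python check over `pg_hba.conf` entries that flags `trust` and any address range wider than a single host. The two sample files, the addresses (documentation range 192.0.2.0/24) and the database and role names are constructed for illustration.

```python
import ipaddress

# Constructed samples; addresses, database and role names are placeholders.
WEAK_HBA = """\
local   all    all                     trust
host    all    all      0.0.0.0/0      trust
"""
# scram-sha-256 needs PostgreSQL 10+; releases of this thread's era used md5.
HARDENED_HBA = """\
local   all    postgres                peer
host    appdb  appuser  192.0.2.10/32  scram-sha-256   # app server
host    all    dba      192.0.2.20/32  scram-sha-256   # DBA workstation
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_hba(text):
    """Return (line_number, finding) pairs for the body of a pg_hba.conf."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only or incomplete line
        conn, rest = fields[0], fields[3:]
        if conn == "local":                      # local has no address column
            addr, method = None, rest[0]
        elif len(rest) > 2 and _is_ip(rest[1]):  # separate netmask column
            addr, method = f"{rest[0]}/{rest[1]}", rest[2]
        else:
            addr, method = rest[0], (rest[1] if len(rest) > 1 else "")
        if method == "trust":
            findings.append((no, "trust: any role name is accepted without a password"))
        if addr is None:
            continue
        try:
            wide = ipaddress.ip_network(addr, strict=False).num_addresses > 1
        except ValueError:                       # keyword or host name, not an IP range
            wide = addr in ("all", "samenet")
        if wide:
            findings.append((no, f"{addr} admits more than one client address"))
    return findings

if __name__ == "__main__":
    for name, body in (("weak", WEAK_HBA), ("hardened", HARDENED_HBA)):
        print(name, audit_hba(body))
```
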