| From: | Leonardo F <m_lists(at)yahoo(dot)it> |
|---|---|
| To: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Authentication method for web app |
| Date: | 2010-05-13 07:21:18 |
| Message-ID: | 749192.46242.qm@web29012.mail.ird.yahoo.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi all,
we're going to deploy a web app that manages users/roles for another
application.
We want the database to be "safe" from changes made by malicious
users.
I guess our options are:
1) have the db listen only on local connections; basically when the
machine is accessed the db could be "compromised". Hardening the
server access is the only true security defense we have.
2) Use, as user/password, the same user/password used to
enter the web app. Basically there would be a 1 to 1 matching between
our app users (and password...) and the db users (with proper
permissions...)
I'm not a great expert on these things (as you've already guessed...).
Can someone help me?
Thank you
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2010-05-13 07:21:46 | Re: current_user in seucurity DEFINER functions |
| Previous Message | strk | 2010-05-13 06:57:18 | current_user in seucurity DEFINER functions |