| From: | Douglas McNaught <doug(at)mcnaught(dot)org> |
|---|---|
| To: | "Kynn Jones" <kynnjo(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Automating access grants |
| Date: | 2007-03-15 11:38:25 |
| Message-ID: | 87bqiuivny.fsf@suzuka.mcnaught.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"Kynn Jones" <kynnjo(at)gmail(dot)com> writes:
> We have an in-house Postgres database that we would like to make
> publicly accessible via a password-less login (user: anonymous). (We
> already have a web front-end for this database, but we have had a lot
> of requests to allow programmatic access in a way that does not
> require scraping web pages; FWIW, web scraping of this site is already
> disallowed in our TOS.)
Honestly, I would consider writing a web (i.e. SOAP or XML-RPC)
service for this purpose rather than using allowing direct access.
That lets you control what kind of queries can be run. It's more
work, but much cleaner and more secure. There are too many ways even
a read-only user can perform a DOS attack.
-Doug
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2007-03-15 11:52:42 | Re: Automating access grants |
| Previous Message | Albe Laurenz | 2007-03-15 10:49:46 | Re: database locks |