| From: | Adam Witney <awitney(at)sgul(dot)ac(dot)uk> |
|---|---|
| To: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
| Cc: | "pgsql-general" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Is this a security risk? |
| Date: | 2008-12-17 14:54:30 |
| Message-ID: | 8EBCE14D-7CC8-4EEB-9BB1-FEAB0AAAF6D0@sgul.ac.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 17 Dec 2008, at 14:44, Albe Laurenz wrote:
> Adam Witney wrote:
>>>> I would like to provide a limited view of my database to some
>>>> users,
>>>> so i thought of creating a second database (I can control access by
>>>> IP
>>>> address through pg_hba.conf) with some views that queried the first
>>>> database using dblink.
>>>
>>> In my opinion dblink is not the right tool for that.
>>> It will require a user account on the "secret" database through
>>> which
>>> dblink accesses it. You'd have to restrict permissions for that user
>>> if you want to keep the thing secure.
>>>
>>> So why not access the "secret" database directly with that user and
>>> get rid of the added difficulty of dblink?
>>>
>>> You can rely on the permission system. Just grant the user the
>>> appropriate
>>> privileges on the necessary objects, and if you need the user to see
>>> only part of the data in a table, create a view for that.
>>
>> thanks for your reply,
>>
>> The user already has permissions within the 'secret' database, but
>> normally they interact with it through a web interface only. I was
>> worried that the user could get in and mess around with other things,
>> such as the sequences which are used to populate primary keys.
>>
>> Also ideally I only wanted to create a read only access to certain
>> parts of the database, I couldn't think of any other way to do it...
>> are there any more standard ways of doing this?
>
> Yes.
>
> You grant read access with GRANT SELECT ON table/view TO user.
>
> It's no less secure than accessing a database as that user via dblink.
thanks again for your email.
The problem is that the user account already has SELECT/UPDATE/INSERT/
DELETE access on the views, as they need it when accessing the
database through the web interface. What i wanted to do is provide a
read only access to only some views (this is for a programmatic
querying API). By using the second database i could restrict access to
this side of it using IP address filtering in the pg_hba.conf file.
thanks again
adam
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-12-17 15:16:54 | Re: Planner hints in SELECT queries? |
| Previous Message | Albe Laurenz | 2008-12-17 14:44:14 | Re: Is this a security risk? |