From: | George Neuner <gneuner2(at)comcast(dot)net> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Not clear how to switch role without permitting switch back |
Date: | 2017-01-10 17:09:01 |
Message-ID: | 9u2a7c97nc6s60rdh39us7lpohhghf6lpb@4ax.com |
Lists: | pgsql-general |
On Mon, 9 Jan 2017 23:05:47 -0800, Guyren Howe <guyren(at)gmail(dot)com>
wrote:
>For my Love Your Database Project:
>
>https://medium.com/@gisborne/love-your-database-lydb-23c69f480a1d#.8g1ezwx6r
>
>I'm trying to see how a typical web developer might use Postgres
>roles and row-level security to implement their authorization.
>
>What I'm struggling with is that connection pooling seems to make
>straightforward use of the roles to enforce access impossible.
>
>If I'm using a connection pool, then I'm not re-connecting to
>Postgres with the user for the current transaction. But then my
>only option is to use SET ROLE. But that is not much security at
>all, because the current user can just do SET ROLE back to the
>(presumably privileged) default, or to any other user's role.
>
>What am I missing here?
That middleware can control what a user is permitted to do.

YMMV, but to me "web application" means there is a server-side program
sitting in front of the database and controlling access to it.

I grudgingly will permit *compiled* clients direct connection to an
Internet facing database, but I am dead set against allowing direct
connection from any browser hosted code because - regardless of any
"shrouding" that might be done - browser code is completely insecure,
accessible to anyone who can right-click on the page.

George
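
The SET ROLE behaviour raised in the question, and a middleware-controlled pattern in the spirit of the reply, sketched in SQL as an added example that is not part of the original message. The role names `app_pool`, `alice`, `bob` and the `documents` table are assumptions made for illustration.

```sql
-- Constructed names (assumptions, not from the thread): app_pool, alice, bob, documents.
CREATE ROLE alice NOLOGIN;
CREATE ROLE bob   NOLOGIN;
-- Login role used by the connection pool. NOINHERIT: it holds none of the
-- per-user privileges until it explicitly switches role.
CREATE ROLE app_pool LOGIN NOINHERIT;
GRANT alice, bob TO app_pool;

CREATE TABLE documents (id serial PRIMARY KEY, owner name NOT NULL, body text);
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
CREATE POLICY owner_only ON documents
    USING (owner = current_user) WITH CHECK (owner = current_user);
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO alice, bob;
GRANT USAGE ON SEQUENCE documents_id_seq TO alice, bob;

-- 1. The concern in the question, on a pooled connection (session_user = app_pool):
SET ROLE alice;
SELECT session_user, current_user;   -- app_pool | alice
RESET ROLE;                          -- permitted: current_user is app_pool again
SET ROLE bob;                        -- permitted: app_pool is a member of bob
RESET ROLE;
-- SET ROLE is checked against the memberships of session_user, not of the
-- current role, so any SQL text the session executes can undo the switch.
-- The role switch is therefore only as strong as the control over which
-- statements reach the connection.

-- 2. Middleware in control: the server-side program, not the client, issues
--    every statement. Per request it opens a transaction, switches role for
--    that transaction only, and runs fixed statements with bound parameters.
BEGIN;
SET LOCAL ROLE alice;                -- reverts automatically at COMMIT or ROLLBACK
SELECT id, body FROM documents WHERE id = 1;   -- the literal 1 stands in for a bound parameter
COMMIT;
SELECT current_user;                 -- app_pool: the pooled connection is clean for the next request
```

Because client-supplied text never reaches the connection as SQL in the second pattern, the row-level security policy evaluates against the role the middleware chose for that transaction.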