| From: | Luca Ferrari <fluca1978(at)gmail(dot)com> |
|---|---|
| To: | Peter Wainaina <petwah17(at)gmail(dot)com> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Permission for not Django app to do Write and Read |
| Date: | 2019-08-24 11:22:38 |
| Message-ID: | CAKoxK+5G2MoNs23Ge52Eq4LP9dUN5X+hLDxjvr=26-+2JSNyLg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin pgsql-general |
On Sat, Aug 24, 2019 at 11:53 AM Peter Wainaina <petwah17(at)gmail(dot)com> wrote:
>
> Thanks much for the response. This is what I mean am a database administrator for a production company and the product owner doesn't want me to be able to either read or write information that will come from Django application.
I personally hate this kind of setup, because it does not make any
sense to me that a developer must setup an application that must
interact with a database that the developer himself cannot interact
with.
However, keep it simple: define a django user, assign each object to
such user, revoke any permission from public.
And then let's the product owner setup a password.
Or look at pgcrypto, because the ony reliable way to deal with "don't
look at my data" setup is cryptography.
Luca
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter J. Holzer | 2019-08-25 08:44:18 | Re: Permission for not Django app to do Write and Read |
| Previous Message | Luca Ferrari | 2019-08-24 09:52:11 | Re: Postgres PITR: Recovery does not seem to fetch from Archive Dir |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Howard Wells | 2019-08-24 22:42:59 | Postgres SQLSTATE[08006] [7] timeout expired |
| Previous Message | Thiemo Kellner | 2019-08-24 10:18:15 | Re: timestamp out of range while casting return value to function's return type |