Re: Is this a security risk?

From: "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at>
To: "Adam Witney *EXTERN*" <awitney(at)sgul(dot)ac(dot)uk>, "pgsql-general" <pgsql-general(at)postgresql(dot)org>
Subject: Re: Is this a security risk?
Date: 2008-12-17 07:48:41
Message-ID: D960CB61B694CF459DCFB4B0128514C202DCBE33@exadv11.host.magwien.gv.at
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Adam Witney wrote:
> I would like to provide a limited view of my database to some users,
> so i thought of creating a second database (I can control access by IP
> address through pg_hba.conf) with some views that queried the first
> database using dblink.

In my opinion dblink is not the right tool for that.
It will require a user account on the "secret" database through which
dblink accesses it. You'd have to restrict permissions for that user
if you want to keep the thing secure.

So why not access the "secret" database directly with that user and
get rid of the added difficulty of dblink?

You can rely on the permission system. Just grant the user the appropriate
privileges on the necessary objects, and if you need the user to see
only part of the data in a table, create a view for that.

Yours,
Laurenz Albe

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Herouth Maoz 2008-12-17 08:38:40 Copy/delete issue
Previous Message Devrim GÜNDÜZ 2008-12-17 06:06:02 Re: Releasing new version of PostgreSQL Live CD