| From: | Ron <rjpeace(at)earthlink(dot)net> |
|---|---|
| To: | pgsql-novice(at)postgresql(dot)org,pgsql-general(at)postgresql(dot)org |
| Subject: | A (hopefully) simple question re: secure pg <=> web application access |
| Date: | 2007-03-26 20:31:42 |
| Message-ID: | E1HVvrS-0004B8-9j@elasmtp-spurfowl.atl.sa.earthlink.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
I usually have a DBA available to me, but have to "wing it" this time...
I know what I =want=. What I don't know is ?how? to do it?
I want to set up a web app to have access privileges that allow the
app to communicate only with certain
a= pg stored procedures or
b= java servlets which then talk to pg stored procedures (think
Apache + Tomcat but not J2EE environment with a possible Hibernate layer).
The pg stored procedures will be the only things that have the
privileges to actually do DB IO.
Since the web app can only talk to a restricted set of entities, and
I can "lock down" those entities and/or verify traffic with them to
my heart's content, this seems to be the best way to avoid SQL code
injection, processes that bootstrap their privileges, etc, etc.
So how do I do this?
Ron
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2007-03-26 21:00:12 | Re: get value after updating table |
| Previous Message | Martin Gainty | 2007-03-26 20:06:55 | Re: get value after updating table |