| From: | "Marko Kreen" <markokr(at)gmail(dot)com> |
|---|---|
| To: | Luis Alberto Pérez Paz <midriasis(at)gmail(dot)com> |
| Cc: | d(dot)wall(at)computer(dot)org, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Postgresql + digital signature |
| Date: | 2008-01-23 19:59:09 |
| Message-ID: | e51f66da0801231159s15d4cea0qd4ef0d8f86b9e703@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 1/23/08, Luis Alberto Pérez Paz <midriasis(at)gmail(dot)com> wrote:
> Very interesting point of view.
> Yes, you're right about the manage key problem.
>
> The grant database access looks like a real solution.
Eh, for some reason I imagined you have have some good reason
why simple solutions are not enough...
Btw, if you try to simply rrestrict access to your data, one good
way for that is to make all data access and modification go via
SECURITY DEFINER functions, so that user have no access to
underlying data tables.
This gives both more flexible access handling than simple GRANTs
can give you and also give ability to do smooth schema upgrades
without applications noticing.
--
marko
| From | Date | Subject | |
|---|---|---|---|
| Next Message | brian | 2008-01-23 19:59:22 | Re: Count |
| Previous Message | Jeff Davis | 2008-01-23 19:54:52 | Re: Count |