Re: Postgresql + digital signature

From: "Marko Kreen" <markokr(at)gmail(dot)com>
To: Luis Alberto Pérez Paz <midriasis(at)gmail(dot)com>
Cc: d(dot)wall(at)computer(dot)org, pgsql-general(at)postgresql(dot)org
Subject: Re: Postgresql + digital signature
Date: 2008-01-23 19:59:09
Message-ID: e51f66da0801231159s15d4cea0qd4ef0d8f86b9e703@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 1/23/08, Luis Alberto Pérez Paz <midriasis(at)gmail(dot)com> wrote:
> Very interesting point of view.
> Yes, you're right about the manage key problem.
>
> The grant database access looks like a real solution.

Eh, for some reason I imagined you have have some good reason
why simple solutions are not enough...

Btw, if you try to simply rrestrict access to your data, one good
way for that is to make all data access and modification go via
SECURITY DEFINER functions, so that user have no access to
underlying data tables.

This gives both more flexible access handling than simple GRANTs
can give you and also give ability to do smooth schema upgrades
without applications noticing.

--
marko

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message brian 2008-01-23 19:59:22 Re: Count
Previous Message Jeff Davis 2008-01-23 19:54:52 Re: Count