| From: | Doug McNaught <doug(at)wireboard(dot)com> |
|---|---|
| To: | Konstantinos Agouros <elwood(at)agouros(dot)de> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: General Security-Question |
| Date: | 2001-06-18 21:10:28 |
| Message-ID: | m3u21dcx4r.fsf@belphigor.mcnaught.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Konstantinos Agouros <elwood(at)agouros(dot)de> writes:
> On Mon, Jun 18, 2001 at 05:02:45PM -0400, Doug McNaught wrote:
> > Honestly, I think the best way to do this is to create a Java class
> > (or classes) that implements all your business logic on the server
> > side, then have the applet make RMI calls into that API. You can pass
> > the applet a random cookie when it's created, and have the applet pass
> > that back as part of the RMI call, and then check in the server logic
> > to see whether the user is trying any funny stuff (like trying to see
> > or modify someone else's data).
> >
> > Make sense?
> That way I could bind the postgres-master zu 127.0.0.1 that might
> work though. My Problem is, that if I would use a regular
> applet/jdbc-connection the postmaster has to listen on the real
> network address and if I create normal dbaccounts, everybody could
> call psql and that is what I want to avoid. But I guess I go with
> the Static-ID-Part since it is easier to implement \:)
I'm not totally sure what you mean by the above, but good luck... ;)
-Doug
--
The rain man gave me two cures; he said jump right in,
The first was Texas medicine--the second was just railroad gin,
And like a fool I mixed them, and it strangled up my mind,
Now people just get uglier, and I got no sense of time... --Dylan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-06-18 21:19:23 | Re: General Security-Question |
| Previous Message | Konstantinos Agouros | 2001-06-18 21:06:03 | Re: General Security-Question |