Re: User permissions

From: "Lars Preben S(dot) Arnesen" <l(dot)p(dot)arnesen(at)usit(dot)uio(dot)no>
To: tony <tony(at)animaproductions(dot)com>
Cc: postgres list <pgsql-general(at)postgresql(dot)org>
Subject: Re: User permissions
Date: 2002-03-12 14:15:01
Message-ID: yfrvgc16ffe.fsf@lpsa.uio.no
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

[ tony ]

> What middleware are you using? If you are using Java/JSP then you fix
> the permissions at the web page level.

I'm going to use Zope, but that's not the point. If the web
application layer contains holes, it may enable the web user to pass
on sql commands through the application layer down to the database. Of
course I'm going to do all I can to prevent this, but I want security
in the database layer.

The web user is going to fetch, alter and insert data into the
database, but I want to do it in controlled forms - by predefining
functions for all the legal operations.

--
Lars Preben

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Joseph Koenig 2002-03-12 14:17:41 cannot initdb
Previous Message tony 2002-03-12 14:06:59 Re: User permissions