On Mon, Dec 20, 2004 at 17:21:02 -0000,
"Dearman, Rick" <rick.dearman@teamuk.telstra.com> wrote:
> I have a requirement from my security manager but I can't seem to find a good solution. So I wondered if someone had
donesomething similar.
>
> We have a web portal and a DB in PostgreSQL (obviously) which contains user data. The portal is accessed by account
managerswho have access to only specific user accounts. This all works fine however the concern is that if you ever got
accessmore directly into the DB through a hack, or poorly designed site code, you could potentially access information
thatyou shouldn't.
If the managers access the web site using their DB credentials then you can
enforce the proper access in the DB using views and/or security definer
functions.
If the managers don't have their own DB accounts, then the web application
needs to be trusted and should can spend your effort securing that.
Implementing a cache inbetween doesn't seem help in solving your problem.