Re: Securing a db app - RFC
From | |
---|---|
Subject | Re: Securing a db app - RFC |
Date | |
Msg-id | 64713.216.238.112.88.1086179307.squirrel@$HOSTNAME |
In response to | Re: Securing a db app - RFC (Shridhar Daithankar <shridhar@frodo.hserus.net>) |
Responses | Re: Securing a db app - RFC |
List | pgsql-general |

> On Wednesday 02 June 2004 02:04, BARTKO Zoltan wrote:
>> I would appreciate anyone wiser than me to comment on the following:
>>
>> I am making an app for PostgreSQL (the server). The clients are
>> connecting through the same single user. ...
>>
>> If I want to access a function (like do this or that with data), I
>> use a stored function and pass the id# of the user plus all the
>> necessary things. First, I check if the person is authorized to carry
>> out the operation. if so, the operation is performed.
>>
>> There are users, who are administrators. Thus, they are allowed to do
>> anything.
>>
> You can probably use set session authorization. Here are some brief
> steps.
>
> 1. Convert all your users as postgresql database users

If he's going to do this, why bother with hard-coding a single user id and
password in the application -- why not have the user log in as their
defined Postgresql user, and let the data base handle all the security and
permission issues?

--Berend Tober
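
What the reply proposes, sketched as an added example that is not part of the original message: each person is a PostgreSQL login role, privileges are granted to group roles, and the stored function takes no user id because the server already knows who authenticated. Role, table and function names are hypothetical, the passwords are placeholders, and the syntax is that of current PostgreSQL releases rather than the 2004 versions under discussion.

```sql
-- Added example; all role, table and function names are hypothetical.

-- Group roles hold the privileges; people are login roles that are members.
CREATE ROLE app_staff NOLOGIN;
CREATE ROLE app_admin NOLOGIN;
CREATE ROLE alice LOGIN PASSWORD 'change-me' IN ROLE app_staff;            -- constructed user
CREATE ROLE bob   LOGIN PASSWORD 'change-me' IN ROLE app_staff, app_admin; -- constructed admin

CREATE TABLE orders (
    id         serial PRIMARY KEY,
    amount     numeric(10,2) NOT NULL,
    -- Filled in by the server from the authenticated role, not by the client.
    created_by name NOT NULL DEFAULT session_user,
    voided_by  name
);

-- New tables grant nothing to PUBLIC by default; the REVOKE makes that explicit.
REVOKE ALL ON orders FROM PUBLIC;
GRANT SELECT, INSERT ON orders TO app_staff;
GRANT USAGE ON SEQUENCE orders_id_seq TO app_staff;

-- The privileged operation is a function with no user-id parameter.
-- Who may run it is decided by GRANT EXECUTE, and the audit value comes
-- from session_user, which stays the logged-in role inside SECURITY DEFINER.
CREATE FUNCTION void_order(p_id integer) RETURNS void
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog, public   -- pin lookup path for a definer-rights function
AS $$
    UPDATE public.orders SET voided_by = session_user WHERE id = p_id
$$;

-- Functions are executable by PUBLIC by default, so that default must be removed.
REVOKE ALL ON FUNCTION void_order(integer) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION void_order(integer) TO app_admin;
```

With these grants, a session logged in as alice can read and insert orders but cannot call void_order, while bob can, and neither can claim another user's identity by passing a different id.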