2011/6/16 Manuel Gysin <manuel.gysin@quantum-bytes.com>:
>>From: "Pavel Stehule" <pavel.stehule@gmail.com>
>>
>>Hello
>>
>>try to use a security definer functions
>>
>>http://www.postgresql.org/docs/current/static/sql-createfunction.html
>>
>>inside this function you can access to resourcess thats are no
>>available from outer for web user
>>
>>Regards
>>
>>Pavel Stehuke
>
> I understand the idea behind it but it does not protect me when someone can dump the whole database.
> He can simply change the user credentials and can access this function. But anyway thanks for the hint, it's useful
toimprove security!
>
if attacker can dump a database, then any protection is terrible hard
or impossible :(
if you store some very good salted hash instead password to database,
then access to dump isn't helpful for attacker.
Regards
Pavel Stehule
p.s. any security protections are thin without full control over server.