Обсуждение: Client/Server Security question
Hello All, We are developing an application that will allow our websites to talk to our database. In the interest of security, I am wondering if it is possible to turn off some of the functions in the SQL command list such that a user can only communicate to the database through our functions. What I mean is this. We have built a number of "C" extensions and PL/pgSQL proceedures that will work on our database, but I only want to allow an outside query to only one or two of our selected entry points. The webserver interface query statement might, for example, be able to only call "select register_user(.......)" or "select login_user(....)" and NONE of the other PostgreSQL command functions. I only want to allow access to these functions from the outside world, but the server needs to be able to execute all of the original functions without restrictions. Any information on this would be greatly appreciated, Lonnie __________________________________________________ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
Lonnie Cumberland [lonnie_cumberland@yahoo.com] wrote: > In the interest of security, I am wondering if it is possible to turn off some > of the functions in the SQL command list such that a user can only communicate > to the database through our functions. I suggest using a specialised SQL Proxy on the entry gateway that allows only a certain set of SQL functions from one host and relays the to the DB inside. This ensures that possibly dangerous commands like 'DROP' or 'CREATE USER' will never reach the DB regardless of the permissions of the username used by the proxy. I don't know of any existing (postgre-)sql proxy solutions yet, though. > but I only want to allow an outside > query to only one or two of our selected entry points. Set appropiate packet filtering rules on both the webserver and the entry point(s). HTH, Hauke -- Hauke Lampe - TUCCO - The Universal Communication Company http://www.tucco.de - fon: +49-40-65777-510, fax: +40-40-65777-250
Hi Lonnie, This is one of the reasons we are moving to an EJB server at work (we're using Oracle there, but they wanted to accomplish the same thing you want to do with Postgres). By exposing specialized interfaces to the db we effectively limit the types of queries that can be run. That might be more overhead than you want to deal with in your application, but for us it makes sense because we have so many different types of applications hitting the db (servlets and JSP pages, Swing applications, perl scripts, C programs, etc...) -M@ -- There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy. On Fri, 20 Apr 2001, Lonnie Cumberland wrote: > Hello All, > > We are developing an application that will allow our websites to talk to our > database. > > In the interest of security, I am wondering if it is possible to turn off some > of the functions in the SQL command list such that a user can only communicate > to the database through our functions. > > What I mean is this. We have built a number of "C" extensions and PL/pgSQL > proceedures that will work on our database, but I only want to allow an outside > query to only one or two of our selected entry points. > > The webserver interface query statement might, for example, be able to only > call "select register_user(.......)" or "select login_user(....)" and NONE of > the other PostgreSQL command functions. > > I only want to allow access to these functions from the outside world, but the > server needs to be able to execute all of the original functions without > restrictions. > > Any information on this would be greatly appreciated, > Lonnie > > __________________________________________________ > Do You Yahoo!? > Yahoo! Auctions - buy the things you want at great prices > http://auctions.yahoo.com/ > > ---------------------------(end of broadcast)--------------------------- > TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org >