Re: [GENERAL] HA best pratices with postgreSQL

[Albretch Mueller]

On Wed, Jun 18, 2008 at 10:36 PM, Douglas McNaught [EMAIL PROTECTED] wrote:
 . . . SQL permissions should be all you need.

 -Doug
~
 What about the security implications? Is the J2EE server enough to
control access to the DB?
~
 Java does not allow for buffer overruns and such hacking venues, but
what would happen if a hacker somehow gains access to the data
directly, bypassing the J2EE server?
~
 The thing is that for performance reasons I could not nicely model
highly hierarchical data objects using SQL tables, so I have to come
up with complicated data structures that I serialize and keep in
fields as BLOBs
~
 And yes, I know, my approach was very roundabout ;-) I was trying to
fancy a hacker-proof scenario and it would all be based on scripts
~
 I think SCSI disks even have a switch to -physically- avoid writing
to them. I'd wish I could use such features in regular SATA disks. I
definitely trust Physics
~
 thanx
 lbrtchx

-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

Re: [GENERAL] HA best pratices with postgreSQL

[Douglas McNaught]

On Wed, Jun 18, 2008 at 8:44 PM, Albretch Mueller [EMAIL PROTECTED] wrote:
 ~
  I am developing a J2EE application that needs for users to only read
 DB tables. All queries are select ones, no updates, no inserts, no
 deletes for web users, so I keep this ro DB tables in certain
 partitions which I mount as ro
 ~
  For performance reasons I keet the DB in the same box as the server
 ~
  Now, the data in those tables need to actually be updated not by web
 users, but from the back end and not that often at all, say just once
 of twice a day in a totally controlled way and updates shouldn't take
 long. Just some insert stats in single tables

[very roundabout approach deleted]

 ~
  Has any of you guys heard of something like that or how to basically
 achieve the same thing by other, more standard means?

Create a user for the J2EE app, and configure that app to connect as
that user.  Grant only SELECT privileges to that user on the tables it
needs to see.  Create a second user for the backend app and grant it
SELECT, INSERT, UPDATE, and DELETE on those tables.

There should be no need to mess about with read-only partitions or
anything like that.  SQL permissions should be all you need.

-Doug

-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general