If you build a web-app the user doesn't connect to the db. It connects
to the application.
It is the web app that should have an auth mechanism.
The web app will perform predefined and limited operations and it is the
web programmer that has to guarantee that only operations provided by
the web a
From: pgsql-general-ow...@postgresql.org on behalf of Leonardo F
Sent: Fri 14/05/2010 14:24
To: pgsql-general@postgresql.org
Subject: Re: [GENERAL] Authentication method for web app
>I think this point number 2 is pretty important. If at all possible, keep
> the webapp separate from the database, and keep the database
> server on a fairly restrictive firewall. This means that someone has
> got to get in to the webapp, then hop to the database server, it just
> adds another
On Fri, May 14, 2010 at 4:43 AM, Ivan Voras wrote:
> On 14 May 2010 09:08, Leonardo F wrote:
> >> Personally I would lean toward making
> >> the bulk of security within the
> >> application so to simplify everything - the
> >> database would do what it
> >> does best - store and manipulate data
On 14 May 2010 09:08, Leonardo F wrote:
>> Personally I would lean toward making
>> the bulk of security within the
>> application so to simplify everything - the
>> database would do what it
>> does best - store and manipulate data - and the
>> application would be the
>> single point of entry. P
> Personally I would lean toward making
> the bulk of security within the
> application so to simplify everything - the
> database would do what it
> does best - store and manipulate data - and the
> application would be the
> single point of entry. Protect the servers - keep
> the applications
On 05/13/10 09:21, Leonardo F wrote:
> Hi all,
>
>
> we're going to deploy a web app that manages users/roles for another
> application.
>
> We want the database to be "safe" from changes made by malicious
> users.
>
> I guess our options are:
>
> 1) have the db listen only on local connection
Hi all,
we're going to deploy a web app that manages users/roles for another
application.
We want the database to be "safe" from changes made by malicious
users.
I guess our options are:
1) have the db listen only on local connections; basically when the
machine is accessed the db could be "co