On 12/8/06, ml <[EMAIL PROTECTED]> wrote: > > Jonathan Ellis píše v Pá 08. 12. 2006 v 11:05 -0700: > > On 12/7/06, ml <[EMAIL PROTECTED]> wrote: > > > I want to have a client application accessing a remote Postgres database > > > but I don't want to distribute the user/password to the DB. I want > > > clients to authenticate against some other table of passwords so there > > > must be a stub between client and DB which will know the DB user/pwd. > > > How can I manage this in SA? > > > > You can write your "stub" in SA easily; your client should interface > > with the stub not via SQL but via a simple protocol you define that > > limits it to predetermined actions. > > > > How? What protocol? Any clues or examples are welcome.
You get to make one up! It's your app! The point is, if you trust the client to send valid SQL you are screwed whether or not the client logs into the database directly or not. So instead of "insert into users (name) values (...)" your client would sent "NEWUSER ..." or something. If this sounds intimidating, I would suggest picking up a book covering client/server programming. I believe Programming Python and Core Python both include chapters on socket programming. -- Jonathan Ellis http://spyced.blogspot.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To post to this group, send email to sqlalchemy@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en -~----------~----~----~----~------~----~------~--~---
