Kevin Hunter wrote:
>
>> If a user has not logged in, that is, if they are an anonymous
>> visitor, the web framework will connect to the database as the
>> default "public" user. Our system is deny-by-default, so this user
>> cannot actually read from any table unless specifically granted
>> permission. In the case being discussed, the public user is given
>> SELECT permission on some columns of the insurance carriers table,
>> and on the schedules table.
>
> Huh. Does that imply that the web framework still holds a number of
> different DB credentials? Or does each user need to supply their
> specific DB credentials as their authentication so the web framework
> is merely a proxy to the DB?
Yes, exactly, the web framework can be thought of as a proxy, it is
connecting to the DB using credentials provided by the user.
Which, I will take pains to point out, is far far superior to having it
connect as a super-user and then trusting that the code is bug-free.
Ouch, I don't even want to think about that one.
But anyway, once we arrive at this point you arrive at the standard
questions surrounding session security and the possible use of
certificates. The system is now as secure as your user's password
habits and your server's general security.