A (hopefully) simple question re: secure pg <=> web application access

Поиск
Список
Период
Сортировка
От Ron
Тема A (hopefully) simple question re: secure pg <=> web application access
Дата
Msg-id E1HVvrS-0004B8-9j@elasmtp-spurfowl.atl.sa.earthlink.net
обсуждение исходный текст
Список pgsql-general
I usually have a DBA available to me, but have to "wing it" this time...

I know what I =want=.  What I don't know is ?how? to do it?

I want to set up a web app to have access privileges that allow the
app to communicate only with certain
a= pg stored procedures or
b= java servlets which then talk to pg stored procedures (think
Apache + Tomcat but not J2EE environment with a possible Hibernate layer).

The pg stored procedures will be the only things that have the
privileges to actually do DB IO.

Since the web app can only talk to a restricted set of entities, and
I can "lock down" those entities and/or verify traffic with them to
my heart's content, this seems to be the best way to avoid SQL code
injection, processes that bootstrap their privileges, etc, etc.


So how do I do this?
Ron



В списке pgsql-general по дате отправления:

Предыдущее
От: "Martin Gainty"
Дата:
Сообщение: Re: get value after updating table
Следующее
От: Martijn van Oosterhout
Дата:
Сообщение: Re: get value after updating table