Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
A (hopefully) simple question re: secure pg <=> web application access
- From: Ron <rjpeace(at)earthlink(dot)net>
- To: pgsql-novice(at)postgresql(dot)org,pgsql-general(at)postgresql(dot)org
- Subject: A (hopefully) simple question re: secure pg <=> web application access
- Date: Mon, 26 Mar 2007 16:31:42 -0400
I usually have a DBA available to me, but have to "wing it" this time... I know what I =want=. What I don't know is ?how? to do it?I want to set up a web app to have access privileges that allow the app to communicate only with certain
a= pg stored procedures orb= java servlets which then talk to pg stored procedures (think Apache + Tomcat but not J2EE environment with a possible Hibernate layer).
The pg stored procedures will be the only things that have the privileges to actually do DB IO.
Since the web app can only talk to a restricted set of entities, and I can "lock down" those entities and/or verify traffic with them to my heart's content, this seems to be the best way to avoid SQL code injection, processes that bootstrap their privileges, etc, etc.
So how do I do this? Ron
- Follow-Ups:
- Re: A (hopefully) simple question re: secure pg <=> web application access
- From: Martin Gainty
- Re: A (hopefully) simple question re: secure pg <=> web application access
- Prev by Date: Re: get value after updating table
- Next by Date: Re: get value after updating table
- Previous by thread: get value after updating table
- Next by thread: Re: A (hopefully) simple question re: secure pg <=> web application access
- Indexes: