Search Postgresql Archives

Opened ports vs. Packages...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi!

I want to ask about PGSQL-crack/hack-web-database.

So:

We have a web site with python.  The DB engine is PGSQL.

The first theory was that PGSQL is locally used, and each of other operations are realized with encoded XML packages.

These operations are: fill up partner data, fill up offer data.

The client application is Delphi based. That was a little hard to convert local data (DataSets, etc) to XML, and recode in the server side (in python).

The new theory is need more flexibility: we can fillup more data and read some (long) query result.

The main problem that I need to open the PGSQL's port to the net with login possibility.

1.) Auth. - password trying.
The clients are access PGSQL by Zeos, or by PGDAC. I don't know what auth. methods they are support, but I think that md5 and plain text is not enough here...

2.) Opened port -  PGSQL hack/crack possibilty.
I don't know about PGSQL hack/crack on ports, but everything is possible. If they are hack the PGDB without knowing password (with some special code injection), we are in problem...

3.) Server overloading with DOS. (Example: many-many requests to login)

4.) Lost connections? How to handle when connection lost on wrong web, or temp. down?

If we don't want to open the port, we need to make a complete interface that know same thing as Zeos.

Zeos (as I know) supports data packages - the data loaded in packages, and if you scroll to the end of the table, you can get the next package.

We need to develop same thing to load all info we want.
Need to make an update mechanism to reflect changes, etc.

We need to create a mechanism that read Queries, process them, and rewrite the result packages...

And these infos are changing - because if I open a query with web server at X, and got a new request at Y to make next package, may the query data changes... 

For example:
select * from data
1.) A....D (select * from partner top 0 range 1000)
2.) C...F  (select * from partner top 1001 range 2000)

because between these requests we have a big modification... (in the webserver all request a new cursor).

This is hard work.

So... what is the magic we can use? And what you heard about opened ports/hack/connections?

Thanks:
   dd





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux