Hi all,

we're going to deploy a web app that manages users/roles for another application. We want the database to be "safe" from changes made by malicious users.

I guess our options are:

1) have the db listen only on local connections; basically when the machine is accessed the db could be "compromised". Hardening the server access is the only true security defense we have.

2) Use, as user/password, the same user/password used to enter the web app. Basically there would be a 1 to 1 matching between our app users (and password...) and the db users (with proper permissions...)

I'm not a great expert on these things (as you've already guessed...). Can someone help me?

Thank you

--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
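
The two options from the question, sketched for PostgreSQL as an added example that is not part of the original post. The database name `appdb`, the three tables, the role names and the passwords are assumptions made for illustration; the script is meant to be run by a superuser while connected to `appdb`.

```sql
-- Option 1 is server configuration, shown as comments because it is not SQL:
--   postgresql.conf:  listen_addresses = 'localhost'
--   pg_hba.conf:      host  appdb  all  127.0.0.1/32  scram-sha-256
-- Remote clients are kept out, but the web app still uses one shared login,
-- so whoever obtains it holds every privilege that login has.

-- Option 2: one database role per application user, with privileges
-- attached to group roles so the database itself enforces who may change what.

-- Hypothetical tables for the user/role manager.
CREATE TABLE app_user      (user_name text PRIMARY KEY);
CREATE TABLE app_role      (role_name text PRIMARY KEY);
CREATE TABLE app_user_role (
    user_name text REFERENCES app_user,
    role_name text REFERENCES app_role,
    PRIMARY KEY (user_name, role_name)
);

-- Remove the defaults that every role would otherwise inherit.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- Group roles cannot log in; they only carry privileges.
CREATE ROLE role_viewer  NOLOGIN;
CREATE ROLE role_manager NOLOGIN;

GRANT CONNECT ON DATABASE appdb TO role_viewer, role_manager;
GRANT USAGE ON SCHEMA public TO role_viewer, role_manager;

-- Viewers may only read; managers may also assign and remove roles.
GRANT SELECT ON app_user, app_role, app_user_role TO role_viewer;
GRANT SELECT ON app_user, app_role TO role_manager;
GRANT SELECT, INSERT, DELETE ON app_user_role TO role_manager;

-- One login role per application user (placeholder passwords).
CREATE ROLE alice LOGIN PASSWORD 'CHANGE_ME_1' IN ROLE role_viewer;
CREATE ROLE bob   LOGIN PASSWORD 'CHANGE_ME_2' IN ROLE role_manager;

-- Confirm what each login can actually do before going live.
SELECT rolname,
       has_table_privilege(rolname, 'app_user_role', 'SELECT') AS can_read,
       has_table_privilege(rolname, 'app_user_role', 'INSERT') AS can_assign,
       has_table_privilege(rolname, 'app_user',      'DELETE') AS can_delete_users
FROM pg_roles
WHERE rolname IN ('alice', 'bob');
```

The two options are not exclusive: the `listen_addresses` and `pg_hba.conf` settings from option 1 can stay in place while the per-user roles from option 2 limit what any single login can change.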