On 05/13/10 09:21, Leonardo F wrote: > Hi all, > > > we're going to deploy a web app that manages users/roles for another > application. > > We want the database to be "safe" from changes made by malicious > users. > > I guess our options are: > > 1) have the db listen only on local connections; basically when the > machine is accessed the db could be "compromised". Hardening the > server access is the only true security defense we have. > > 2) Use, as user/password, the same user/password used to > enter the web app. Basically there would be a 1 to 1 matching between > our app users (and password...) and the db users (with proper > permissions...) > > I'm not a great expert on these things (as you've already guessed...). > > Can someone help me? As you already figured out, the key is protecting both the application and the db server from intrusions. If anyone gets unauthorized access to either of them, especially if it's root access, any and all security you build on top of that will in all likelihood collapse. Personally I would lean toward making the bulk of security within the application so to simplify everything - the database would do what it does best - store and manipulate data - and the application would be the single point of entry. Protect the servers - keep the applications (like ssh, php, apache, your application) updated and make sure you have good and frequent backups. -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
