Search Postgresql Archives

Re: Authentication method for web app

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>I think this point number 2 is pretty important. If at all possible, keep 
> the webapp separate from the database, and keep the database 
> server on a fairly restrictive firewall.  This means that someone has 
> got to get in to the webapp, then hop to the database server, it just
> adds another layer of mis-direction for any would-be evil doers.


Which are the authentication methods "recommended" in this
scenario? It sounds to me that no matter the auth mechanism,
if a user can connect to the webapp server with the user that runs
the webapp there's no way of avoiding the connection to the db
(since the user will then be free to see/do whatever the webapp was
seeing/doing).




-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux