
Re: Authentication method for web app

If you build a web app the user doesn't connect to the db. It connects
to the application.
It is the web app that should have an auth mechanism.
The web app will perform predefined and limited operations and it is the
web programmer that has to guarantee that only operations provided by
the web application can be performed by the web app user.
In an e-commerce web application, when the user places an order he doesn't
execute an insert SQL statement. He submits a form and the form is
processed in the web application.
Let's say orders can be placed only by registered users: it is the web
application that has to allow login and check that the user is
authorized throughout the order process.
This is business logic and it's hard to believe you want to place
business logic in the db.
Moreover you will typically use a connection pool and not create single
connections, so as not to risk overloading your db. Hence you have to create
the pool and provide the db user credentials at that time, not when the user
connects to the application.

I suggest you read something about developing multi-tiered applications
and the MVC pattern before going further.

Once you have done that you can choose a web application development framework:
many of them provide an authorization mechanism or allow you to plug in your
preferred one.


On 14/05/2010 15.24, Leonardo F wrote:
>> I think this point number 2 is pretty important. If at all possible, keep 
>> the webapp separate from the database, and keep the database 
>> server on a fairly restrictive firewall.  This means that someone has 
>> got to get in to the webapp, then hop to the database server, it just
>> adds another layer of mis-direction for any would-be evil doers.
>
> Which are the authentication methods "recommended" in this
> scenario? It sounds to me that no matter the auth mechanism,
> if a user can connect to the webapp server with the user that runs
> the webapp there's no way of avoiding the connection to the db
> (since the user will then be free to see/do whatever the webapp was
> seeing/doing).

-- 
==================================================
dott. Ivano Mario Luberti
Archimede Informatica societa' cooperativa a r. l.
Sede Operativa
Via Gereschi 36 - 56126- Pisa
tel.: +39-050- 580959
tel/fax: +39-050-9711344
web: www.archicoop.it
==================================================


-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
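The pattern described in the reply above, as an added example that is not part of this thread: the web app authenticates users itself, the pool is opened once with the service account's credentials, and order placement is one fixed, parameterised statement. A shared in-memory SQLite database stands in for PostgreSQL so it runs offline; the users, password and session store are constructed for illustration.

```python
import secrets
import sqlite3
from queue import Queue

# Constructed stand-in for a PostgreSQL DSN: a shared in-memory SQLite database.
DB_URI = "file:orders?mode=memory&cache=shared"

def make_pool(size):
    """Opened once at start-up with the service account's credentials (here just
    the URI); the pool, not the end user, holds the database login."""
    pool = Queue()
    for _ in range(size):
        pool.put(sqlite3.connect(DB_URI, uri=True))
    return pool

POOL = make_pool(2)
_c = POOL.get()
_c.execute("CREATE TABLE IF NOT EXISTS orders (id INTEGER PRIMARY KEY, "
           "username TEXT NOT NULL, product TEXT NOT NULL, qty INTEGER NOT NULL)")
_c.commit()
POOL.put(_c)

USERS = {"alice": "correct horse battery staple"}   # constructed; store hashes in practice
SESSIONS = {}                                       # session token -> username

def login(username, password):
    """Web-app login: returns a session token, or None on failure."""
    expected = USERS.get(username)
    if expected is None or not secrets.compare_digest(expected, password):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token

def place_order(token, product, qty):
    """The only order operation exposed: identity comes from the app session, the
    SQL is fixed and parameterised, and the DB only ever sees the pool's account."""
    username = SESSIONS.get(token)
    if username is None:
        return None                      # unauthenticated: refuse before touching the pool
    conn = POOL.get()
    try:
        cur = conn.execute("INSERT INTO orders (username, product, qty) VALUES (?, ?, ?)",
                           (username, product, qty))
        conn.commit()
        return cur.lastrowid
    finally:
        POOL.put(conn)
```

Because the pool's account is the only identity the database sees, it can be granted just the INSERT and SELECT rights the app's predefined operations need; the end user's identity lives in the `username` column, not in a database role.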
