The problem with trust is that it means that any user can type in any
other users login name and get access without knowing his password. Even
if your app is the only access point to the database, you still have to
worry about a user installing psql or other client onto his desktop and
accessing the database directly.
If your application is logging in, you still don't want to use trust
because you can put the password into the application. The level of
security that you require will depend a lot on the application
infrastructure. For example, if you are using an application server then
you can limit access of the database to the IP address of the app server
and the DBA's computer. That way you don't have to worry about anybody
installing a rogue client.
Sim
On 09/10/2011 10:42 PM, mgould@xxxxxxxxxxxxxxxxxxxx wrote:
We have a very solid security appliance which sits in front of our
domain controller. All traffic from our users is also controlled via
a citrix login and they only have access to the published apps, no
desktops.
We have been thinking of using trust as our security method. If we
decide to use this will we be required to enter the users into the
database?
The other option might be using SSL and entering in the users to the
db. We still have to build internal security tables which handle
procedure and data level security so pushing the login to the database
isn't that big of a deal.
Michael Gould
Intermodal Software Solutions, LLC
904-226-0978
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
