On 01/25/12 20:02, Misa Simic napisa:
Thanks Bill,
Make sense... db_link is probably then solution... Everything depends on
concrete problem...
But I still think security should be reconsidered (I would use db_link
just in case there is no other options - if we must let users to have
direct access to DB)... I mean, in that case when we need log each
request for some sensitive data - we would not allow some user direct
access to DB where he would be able to do such thing BEGIN TRAN, execute
function what returns sensitive data, ROLLBACK Tran; (or many other
things...)
at least there would be an application layer above DB... (concretly in
our case - Users do not have access to DB at all... everything is
through Web App, actually DB - Web Service - User Apps (Web, Windows,
Mobile etc...))
Thanks,
Misa
2012/1/25 Bill Moran <wmoran@xxxxxxxxxxxxxxxxx
<mailto:wmoran@xxxxxxxxxxxxxxxxx>>
In response to Misa Simic <misa.simic@xxxxxxxxx
<mailto:misa.simic@xxxxxxxxx>>:
>
> But maybe it would be better to reorganise security on the way
that users
> who do not need to have access to some data - simply do not have it
> (instead of to give them data and latter check log to confirm
they have
> taken it...)
In many cases that's not enough. For example with HIPAA in the US,
a user
may be allowed to access data, but there still _has_ to be a log record
for each access.
--
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
Thanks for reply,
Bill was right, this is security requirement that is independent of all
other security mechanisms we have implemented in this system :-)
I will check contrib/dblink - it seems to be one of the ways to solve
this problem
Best regards,
Ivan
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
