Search Postgresql Archives

Security Issues: Allowing Clients to Execute SQL in the Backend.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello!

I'm developing a web application that needs to display data from a postgres backend.

The most convenient way for the app to get the data is by expressing the request in SQL.

I'm thinking about the following architecture

[ App/Client ] -----> query in SQL ---> [Web server] ---> same SQL query --> [PG database]

***********
I would simply use the roles/permssion system inside Postgres to determine what users
can  do and cannot do. Clients have to authenticate as one of the roles (not superusers) defined in the database.
************

Given this are there any security other issues about letting client applications execute arbitrary SQL commands on the backend database?

Thanks.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux