Search Postgresql Archives

Re: Limiting DB access by role after initial connection?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Jun 11, 2017 at 12:15 PM, Bruno Wolff III <bruno@xxxxxxxx> wrote:
On Fri, Jun 09, 2017 at 21:14:15 -0700,
 Ken Tanzer <ken.tanzer@xxxxxxxxx> wrote:
On Fri, Jun 9, 2017 at 5:38 PM, Bruno Wolff III <bruno@xxxxxxxx> wrote:

Seems to me they are separate issues.   App currently has access to the
password for accessing the DB.  (Though I could change that to ident access
and skip the password.)  App 1) connects to the DB, 2) authenticates the
user (within the app), then 3) proceeds to process input, query the DB,
produce output.  If step 2A becomes irrevocably changing to a site-specific
role, then at least I know that everything that happens within 3 can't
cross the limitations of per-site access.  If someone can steal my password
or break into my backend, that's a whole separate problem that already
exists both now and in this new scenario.

In situations where a person has enough access to the app (e.g. it is a binary running on their desktop) to do spurious role changes, they likely have enough acces to hijack the database connection before privileges are dropped.

Ah yes, I could see that.  In this case it's a web app, so only the server has the DB credentials.  I'd really hate it if each client had to be able to access those credentials!

Cheers,
Ken


-- 
AGENCY Software  
A Free Software data system
By and for non-profits
(253) 245-3801

learn more about AGENCY or
follow the discussion.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux