Search Postgresql Archives

Re: Automating access grants

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"Kynn Jones" <kynnjo@xxxxxxxxx> writes:

> We have an in-house Postgres database that we would like to make
> publicly accessible via a password-less login (user: anonymous).  (We
> already have a web front-end for this database, but we have had a lot
> of requests to allow programmatic access in a way that does not
> require scraping web pages; FWIW, web scraping of this site is already
> disallowed in our TOS.)

Honestly, I would consider writing a web (i.e. SOAP or XML-RPC)
service for this purpose rather than using allowing direct access.
That lets you control what kind of queries can be run.  It's more
work, but much cleaner and more secure.  There are too many ways even
a read-only user can perform a DOS attack.

-Doug


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux