Search Postgresql Archives

A (hopefully) simple question re: secure pg <=> web application access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I usually have a DBA available to me, but have to "wing it" this time...

I know what I =want=.  What I don't know is ?how? to do it?

I want to set up a web app to have access privileges that allow the app to communicate only with certain
a= pg stored procedures or
b= java servlets which then talk to pg stored procedures (think Apache + Tomcat but not J2EE environment with a possible Hibernate layer).

The pg stored procedures will be the only things that have the privileges to actually do DB IO.

Since the web app can only talk to a restricted set of entities, and I can "lock down" those entities and/or verify traffic with them to my heart's content, this seems to be the best way to avoid SQL code injection, processes that bootstrap their privileges, etc, etc.


So how do I do this?
Ron


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux