On Mar 27, 2007, at 7:34 AM, Aidan Van Dyk wrote:
Kev wrote:
Hi everyone,
I'm still in the design phase of a project. I was just wondering if
anyone has any thoughts or experience on the idea of cutting the P
out
of the LAMP (or in my case, WAMP for now) stack. What I mean is
having
everything encapsulated into sql (or plpgsql or plperl where needed)
functions stored in the pgsql server, and have Apache communicate
with
pgsql via a tiny C program that pretty much just checks whether the
incoming function is on the allowed list and has the proper data
types,
then passes it straight in. Any errors are logged as potential
security
breaches.
Sounds something like mod_libpq:
http://asmith.id.au/mod_libpq.html
Or SQL-on-rails
http://www.sqlonrails.org/
Cheers,
Steve
