Hi Marko,
Actually I have it,
However I was thinking the problem in a wrong way. In my particular case, the fact of the private key in memory is a good reason for discard the electronic signature, I mean, in order to have a real protection against the data modification I need a TSA (time stamping service) or something like that and my problem grow.
Thanks a lot for your advice (and your time). They were really helpful.
Best Regards,
On Jan 23, 2008 1:59 PM, Marko Kreen <markokr@xxxxxxxxx> wrote:
On 1/23/08, Luis Alberto Pérez Paz <midriasis@xxxxxxxxx> wrote:> Very interesting point of view.Eh, for some reason I imagined you have have some good reason
> Yes, you're right about the manage key problem.
>
> The grant database access looks like a real solution.
why simple solutions are not enough...
Btw, if you try to simply rrestrict access to your data, one good
way for that is to make all data access and modification go via
SECURITY DEFINER functions, so that user have no access to
underlying data tables.
This gives both more flexible access handling than simple GRANTs
can give you and also give ability to do smooth schema upgrades
without applications noticing.
--
marko
--
paz, amor y comprensión
(1967-1994)
