野村 wrote: > Web pages have username and password with basic, digest or ldap > authorization. So if I createuser with same user and password, and if > there is md5 or something to encode password, I wonder javascript > connects to postgres securely. > for that to work, irregardless of security aspects, the postgres client libraries would have to be installed on each web browser system, in a form that javascript could invoke. However, I've not heard of any javascript -> postgres bindings suitable for use in a webbrowser context... Javascript in a webbrowser is running in a sort of sandbox and isn't supposed to be allowed to make its own network connections, or call system libraries directly, allowing this would be a gross security flaw (for instance, a hostile web page could take over a users computer). -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
