keke abe wrote:
> Adam Lang wrote:
>
> > Ok... so if I am writing a distributed application in windows that will use
> > a Postgresql backend, I should have the client interface another "server"
> > application, which will inturn access/retrieve informaton from the database?
>
> I'd like to know if this kind of layering is mandatory or not. Is it really
> unacceptable to expose the Posgresql backend to the rest of the world? Is
> there anything that I should be aware of if I let the clients to talk to
> the backend directly.
>
> regards,
> abe
I'd say it is mandatory. You are opening yourself up as an easy target for
hackers if they can go directly to your database. Think about it. If any
hole in the database security is discovered, then your goose is cooked
right away. Getting the database off the web and behind a firewall should
be the least you do. That gives you two levels of protection -- the firewall
and the database.
Plus, on the postgresql side, it is much easier to have one restricted user
account from one specific machine than to try to manage thousands of
dynamically created accounts.
Just my opinion, of course.
Greg Speegle
