Re: looking for a secure - Mailing list pgsql-general

From Fran Fabrizio
Subject Re: looking for a secure
Date
Msg-id 3B6700C0.9721DE28@mmrd.com
Whole thread Raw
In response to looking for a secure  (Fran Fabrizio <ffabrizio@mmrd.com>)
List pgsql-general
Richard,

Thanks for the feedback.  I am intrigued by the idea of having an app instead
of a database sitting outside the firewall.  I'm a web guy, and a web app
would be a neat idea, or maybe something like XML-RPC.  However, I think this
actually makes the clients more complicated than simpler, because then, if we
use Paul's XML fragment message for example, the clients need to know how to
parse and form XML messages.  If they can connect directly to Pg, that buys
us two things... 1. the clients just use the Pg library and standard SQL, and
2. we don't have to parse it into SQL when it gets to our end.

The other problem is I think the transfer of the actual binary patches is a
bit more complicated.  Yes, HTTP has no problems with transfering binaries in
the general sense, but I frankly don't have the foggiest idea how to write a
custom web client in C that can receive a binary file.  With Pg, you can use
it's method of handing back large objects and that seems pretty
straightforward (and more importantly, we've proof-of-concept'ed that part
whereas I wouldn't know where to begin to make Apache serve and a C client
receive a binary that came out of a database. =)  I'm sure it's not that
hard, probably involves just setting the appropriate content-type and
streaming it out, but there are probably a lot of nuances on both the server
and client side (the client side scares me; I'm not a C programmer, the guy
writing the C client is not a programmer at all, we're just doing it out of
necessity, so anything that makes the C as simple as possible makes us sleep
easier. =)  I guess it's all about playing to your strengths.)

Having just been out at the Open Source Conference all week, I'm pretty hot
on the idea of web apps/XML-RPC/Soap type services hanging out there on the
net, but I'm not sure this is the right application for it.  It would
certainly go a long ways towards isolating the Pg database, and that is a
Good Thing (tm), but then we introduce another "hop" before the data gets
into/out of the database.  If we can get the data into the database straight
away and in a secure fashion, I think that is what we would want ultimately.

Good stuff in this thread; lots of ideas not only for the current project but
for the future as well.  Thanks all!

-Fran


pgsql-general by date:

Previous
From: Mike Finn
Date:
Subject: Re: Unexpected *ABORT STATE*
Next
From: Fran Fabrizio
Date:
Subject: Re: looking for a secure