On 07/24/11 2:36 PM, Mario Puntin wrote:
>
> Hi everybody:
> I searched the web trying to find an answer to this, but found none. I
> have a postgresql server and a database, and I granted access to some
> users.
> However I want them to access the data only through some specific
> client application. I do not want them to have access through psql or
> some other kind of client app. But, as I created them a user/pass they
> could use them.
> What would you do?
> Thanks in advance.
>
I would put ALL the database access in a webservice, running on a
secured server, which their client program accesses and ONLY that
webservice has the access credentials to connect to the database.
so, the user runs a client program, it has credentials to connect to
this webservice (tomcat, or whatever), but no direct access to the
database at all. the user's workstations are flat denied any access to
the database even if they did have the credentials.
the webservice has all the business logic that queries the database.
so if the client app needs to edit a customer record, for example, it
makes a remote procedure call to the webservice
"EditClientRecord(....)", and that in turn connects to SQL and does the
dirty work.
--
john r pierce N 37, W 122
santa cruz ca mid-left coast
