Re: Security setup. - Mailing list pgsql-general

From Sim Zacks
Subject Re: Security setup.
Date
Msg-id 4E6C66E1.6050305@compulab.co.il
In response to Security setup.  (<mgould@isstrucksoftware.net>)
Responses Re: Security setup.  (Chris Travers <chris.travers@gmail.com>)
List pgsql-general
The problem with trust is that it means that any user can type in any
other user's login name and get access without knowing his password. Even
if your app is the only access point to the database, you still have to
worry about a user installing psql or other client onto his desktop and
accessing the database directly.

If your application is logging in, you still don't want to use trust
because you can put the password into the application. The level of
security that you require will depend a lot on the application
infrastructure. For example, if you are using an application server then
you can limit access of the database to the IP address of the app server
and the DBA's computer. That way you don't have to worry about anybody
installing a rogue client.

Sim

On 09/10/2011 10:42 PM, mgould@isstrucksoftware.net wrote:
>
> We have a very solid security appliance which sits in front of our
> domain controller.  All traffic from our users is also controlled via
> a Citrix login and they only have access to the published apps, no
> desktops.
>
> We have been thinking of using trust as our security method.  If we
> decide to use this will we be required to enter the users into the
> database?
>
> The other option might be using SSL and entering in the users to the
> db.  We still have to build internal security tables which handle
> procedure and data level security so pushing the login to the database
> isn't that big of a deal.
>
> Michael Gould
> Intermodal Software Solutions, LLC
> 904-226-0978
>
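
As an added example, not part of the original message or of PostgreSQL itself: a small Python check over pg_hba.conf text that flags the two things the reply warns about, `trust` entries and host rules that admit more than the app server and the DBA's computer. The sample files, the addresses (documentation range 192.0.2.0/24) and the database and role names are constructed assumptions.

```python
import ipaddress

# Constructed samples: 192.0.2.0/24 is a documentation range; appdb, appuser, dba are made up.
WEAK = """\
# TYPE  DATABASE  USER  ADDRESS    METHOD
local   all       all              trust
host    all       all   0.0.0.0/0  trust
"""
HARDENED = """\
local    all       postgres                 peer
hostssl  appdb     appuser   192.0.2.10/32  scram-sha-256
hostssl  all       dba       192.0.2.20/32  scram-sha-256
"""
APPROVED = ["192.0.2.10/32", "192.0.2.20/32"]  # assumed: app server, DBA workstation
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def parse_rule(line):
    """Return (type, address, method) for a rule line, or None for anything else."""
    fields = line.split("#", 1)[0].split()  # simplification: ignores quoted '#'
    if len(fields) >= 4 and fields[0] == "local":
        return "local", None, fields[3]
    if len(fields) < 5 or fields[0] not in HOST_TYPES:
        return None
    addr, rest = fields[3], fields[4:]
    if len(rest) > 1 and rest[0][0].isdigit():  # IPv4 "ADDRESS MASK" form
        addr, rest = f"{addr}/{rest[0]}", rest[1:]
    return fields[0], addr, rest[0]

def audit(text, approved=APPROVED):
    """List (line_no, problem) for trust auth and for rules wider than `approved`."""
    nets = [ipaddress.ip_network(a) for a in approved]
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        _, addr, method = rule
        if method == "trust":
            findings.append((n, "trust: any login name is accepted without a password"))
        if addr is None:
            continue
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:  # hostname, "all", "samenet", ...
            findings.append((n, f"{addr}: not a literal network, review by hand"))
            continue
        if not any(net.version == a.version and net.subnet_of(a) for a in nets):
            findings.append((n, f"{net}: wider than the approved client addresses"))
    return findings
```

`audit(WEAK)` reports both `trust` lines plus the open `0.0.0.0/0` range, while `audit(HARDENED)` returns an empty list.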

