Re: Postgresql + digital signature - Mailing list pgsql-general

From Luis Alberto Pérez Paz
Subject Re: Postgresql + digital signature
Date
Msg-id 7f64980c0801250857t2cd2a99dt93df5863eb15c219@mail.gmail.com
Whole thread Raw
In response to Re: Postgresql + digital signature  ("Marko Kreen" <markokr@gmail.com>)
List pgsql-general
Hi Marko,
 
Actually I have it,
 
However I was thinking the problem in a wrong way. In my particular case, the fact of the private key in memory is a good reason for discard the electronic signature, I mean, in order to have a real protection against the data modification I need a TSA (time stamping service) or something like that and my problem grow.
 
Thanks a lot for your advice (and your time). They were really helpful.
 
Best Regards,
 
 
 

 
On Jan 23, 2008 1:59 PM, Marko Kreen <markokr@gmail.com> wrote:
On 1/23/08, Luis Alberto Pérez Paz <midriasis@gmail.com> wrote:
> Very interesting point of view.
> Yes, you're right about the manage key problem.
>
> The grant database access looks like a real solution.

Eh, for some reason I imagined you have have some good reason
why simple solutions are not enough...


Btw, if you try to simply rrestrict access to your data, one good
way for that is to make all data access and modification go via
SECURITY DEFINER functions, so that user have no access to
underlying data tables.

This gives both more flexible access handling than simple GRANTs
can give you and also give ability to do smooth schema upgrades
without applications noticing.

--
marko



--
paz, amor y comprensión
       (1967-1994)

pgsql-general by date:

Previous
From: johnf
Date:
Subject: Re: exporting postgre data
Next
From: Tom Lane
Date:
Subject: Re: best way to query