Re: Disallow access from psql, or allow access only from specific client app - Mailing list pgsql-general

From Kurt Buff
Subject Re: Disallow access from psql, or allow access only from specific client app
Date
Msg-id CADy1Ce5=Q6DPpVKxeBWB-pH4SQxUBNpQ+R6MUYK1ck3HUQRi9w@mail.gmail.com
In response to Re: Disallow access from psql, or allow access only from specific client app  (Lonni J Friedman <netllama@gmail.com>)
Responses Re: Disallow access from psql, or allow access only from specific client app
List pgsql-general
On Sun, Jul 24, 2011 at 14:48, Lonni J Friedman <netllama@gmail.com> wrote:
> On Sun, Jul 24, 2011 at 2:46 PM, Kurt Buff <kurt.buff@gmail.com> wrote:
>> On Sun, Jul 24, 2011 at 14:36, Mario Puntin <mariomop@gmail.com> wrote:
>>>
>>> Hi everybody:
>>> I searched the web trying to find an answer to this, but found none. I have
>>> a postgresql server and a database, and I granted access to some users.
>>> However I want them to access the data only through some specific client
>>> application. I do not want them to have access through psql or some other
>>> kind of client app. But, as I created them a user/pass they could use them.
>>> What would you do?
>>> Thanks in advance.
>>
>> Make a web front end, and present them with only the queries you want
>> them to have, via a dropdown list and a set of fields for which you
>> sanitize the input.
>>
>> Alternatively, build a GUI app that does the same thing, but if your
>> users are sophisticated and/or malicious you'll also have to build the
>> GUI with some sort of application authentication and encryption.
>
> Don't mean to butt in, but how does this meet Mario's requirement of
> blocking access from psql and/or only allowing access from a specific
> client?


The way I read OP's requirements is that he doesn't want them to be
able to use queries to pgsql directly or through a pgsql client. This
requires some other kind of client, which he explicitly stated[1]. The
implication is that he wants to limit their ability to manipulate the
data in certain ways - either to read data to which they should
not have access, or to modify or delete data. To do that requires an
application that presents and enforces the choices that his design
requirements dictate.

Kurt

[1] One thing that is a bit ambiguous is his use of the term 'client'.
If by that he means a software application, my comments stand. If by
that instead he means a host or set of hosts, then my comments carry
even more freight, because he's going to have to validate from which
hosts the traffic is coming.
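
The approach discussed in this message, an application that offers only a fixed set of queries and validates each input field, sketched as an added example that is not part of the original thread. An in-memory SQLite database stands in for the PostgreSQL server, and the table, query names and validators are hypothetical.

```python
import sqlite3

def positive_int(v):
    return isinstance(v, int) and not isinstance(v, bool) and v > 0

def amount(v):
    return isinstance(v, (int, float)) and not isinstance(v, bool) and 0 <= v < 1e9

# Allowlist: query name -> (fixed SQL text, one validator per bound parameter).
# The user picks a name (the "dropdown") and fills in fields; no SQL text is accepted.
QUERIES = {
    "orders_by_customer": (
        "SELECT id, total FROM orders WHERE customer_id = ? ORDER BY id",
        (positive_int,),
    ),
    "orders_over_total": (
        "SELECT id, customer_id FROM orders WHERE total >= ? ORDER BY id",
        (amount,),
    ),
}

class Rejected(Exception):
    """The request is not one of the choices the application offers."""

def run_named_query(conn, name, params):
    if name not in QUERIES:
        raise Rejected(f"unknown query: {name!r}")
    sql, validators = QUERIES[name]
    if len(params) != len(validators):
        raise Rejected("wrong number of parameters")
    for value, is_valid in zip(params, validators):
        if not is_valid(value):
            raise Rejected(f"invalid parameter: {value!r}")
    # Values are bound as parameters, never concatenated into the SQL text.
    return conn.execute(sql, tuple(params)).fetchall()

def demo_db():
    # Constructed sample data for the example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total REAL)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, 10, 25.0), (2, 10, 310.5), (3, 11, 99.9)])
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(run_named_query(db, "orders_by_customer", [10]))
    print(run_named_query(db, "orders_over_total", [100]))
```
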
