General Security-Question - Mailing list pgsql-general

From elwood@agouros.de (Konstantinos Agouros)
Subject General Security-Question
Date
Msg-id elwood.992895619@news.agouros.de
Whole thread Raw
Responses Re: General Security-Question
Re: General Security-Question
List pgsql-general
Hi,

I am currently developing a software that should replace our hated excel-time-
sheets. My problem is the following: I have an javaapplet for dataentry that
connects to the database via jdbc. There is a table that holds the data (who
worked what when). So far so good, but:
Since I must grant update/insert/delete access to this table to everybody
that can use this application, how can I stop people from updating the data
of the others. The one thing that came to my mind was not creating database-
users but instead use a static user, and let the application handle the logic
who can access which lines in the database (its also a matter of dataprivacy,
one should be allowed to watch one's own data but not of the others, the team-
manager should see the data of the team etc). The read-access can be implemen-
ted using views but I don't see much other way for data-entry. Somebody has an
idea?

Konstantin
--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not sustain the forming of the cosmos." B'Elana Torres

pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: Apache with PHP and PGSQL crashing ...
Next
From: elwood@agouros.de (Konstantinos Agouros)
Date:
Subject: Re: jdbc-question...