I'm trying to get a feel for what most people are doing or consider best
practice.
Given a mod_perl application talking to a PostgreSQL database on the
same host, where different users are logging onto the web server using
LDAP for authentication, do most people
1) have the web server connecting to the database using its own user
account (possibly through ident), and controlling access to different
database entities strictly through the application itself
2) have the web server connecting to the database actually using the
user's account (possibly using LDAP authentication against PostgreSQL),
and controlling access to different database entities through GRANT, etc.
Obviously, (2) leads to more database connections, and you still have to
have the application do some work in terms of which forms are available
to which users, etc. But I'm a little worried about whether it's best
security practice.
---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster
Keith G. Murphy said:
2) have the web server connecting to the database actually using the user's account (possibly using LDAP authentication against PostgreSQL), and controlling access to different database entities through GRANT, etc.
My experience with java web/app servers indicates that for most setups
using a pool of connections is preferable to using a single connection per
connected user - it scales much better.
What you could consider is one or more pools which map to the "roles" that
your (web) app supports. For example, if a user needs "minimal rights"
access to db resources, then your cgi (request handler) accesses the data
using a connection from the "minimal rights" connection pool. A user
needing "greater rights" would have the cgi access the database from the
"greater rights" pool.
Normally, I place the database functions/tables/objects into different
logical schemas, then I create one or more specific users (for the web/app
server only) which equates to a logical role, and I grant specific rights
on the different schema objects to those users.
Your mileage may vary.
John Sidney-Woollett
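A concrete version of the layout John describes (one logical schema per area of the application, one database login per web-app "role", rights granted per schema object) as an added SQL example; it is not code from the thread or from any poster. The schema, table and role names are assumptions, and the passwords are placeholders.

```sql
-- Added example: schema-per-area, login-per-pool, rights granted per object.
-- All names below are assumptions; replace the placeholder passwords.

CREATE SCHEMA app_public;   -- objects every logged-in user may read
CREATE SCHEMA app_admin;    -- objects only the "greater rights" pool may touch

CREATE TABLE app_public.catalogue (
    id    serial PRIMARY KEY,
    name  text NOT NULL
);

CREATE TABLE app_admin.audit_log (
    id     serial PRIMARY KEY,
    actor  text NOT NULL,      -- browser-authenticated (LDAP) username; the
                               -- application supplies it, PostgreSQL never sees it
    action text NOT NULL,
    at     timestamptz NOT NULL DEFAULT now()
);

-- One login per connection pool. These are the only accounts the web server
-- knows; end users never get a PostgreSQL account of their own.
CREATE ROLE web_minimal LOGIN PASSWORD 'PLACEHOLDER-minimal';
CREATE ROLE web_greater LOGIN PASSWORD 'PLACEHOLDER-greater';

-- Close everything first, then open exactly what each pool needs.
REVOKE ALL ON SCHEMA app_public, app_admin FROM PUBLIC;

-- "minimal rights" pool: read-only on the public schema
GRANT USAGE ON SCHEMA app_public TO web_minimal, web_greater;
GRANT SELECT ON app_public.catalogue TO web_minimal;

-- "greater rights" pool: full DML on the public schema, append-only audit log
GRANT SELECT, INSERT, UPDATE, DELETE ON app_public.catalogue TO web_greater;
GRANT USAGE, SELECT ON SEQUENCE app_public.catalogue_id_seq TO web_greater;
GRANT USAGE ON SCHEMA app_admin TO web_greater;
GRANT INSERT ON app_admin.audit_log TO web_greater;
GRANT USAGE, SELECT ON SEQUENCE app_admin.audit_log_id_seq TO web_greater;

-- Verify the split before pointing any pool at it.
SELECT r.rolname,
       has_schema_privilege(r.rolname, 'app_admin', 'USAGE')              AS admin_schema,
       has_table_privilege(r.rolname, 'app_public.catalogue', 'UPDATE')  AS can_edit_catalogue,
       has_table_privilege(r.rolname, 'app_admin.audit_log', 'SELECT')   AS can_read_audit
FROM   pg_roles r
WHERE  r.rolname IN ('web_minimal', 'web_greater');
```

Each mod_perl connection pool connects as one of the two logins, and the application decides from the LDAP-authenticated session which pool serves a request. The closing query should report web_minimal as false in every column and web_greater as true for the schema and catalogue checks but false for reading the audit log, which is the property John's design relies on: even a request routed to the wrong pool can only do what that pool's login has been granted.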
John Sidney-Woollett wrote:
Keith G. Murphy said:
2) have the web server connecting to the database actually using the user's account (possibly using LDAP authentication against PostgreSQL), and controlling access to different database entities through GRANT, etc.
My experience with java web/app servers indicates that for most setups using a pool of connections is preferable to using a single connection per connected user - it scales much better.
What you could consider is one or more pools which map to the "roles" that your (web) app supports. For example, if a user needs "minimal rights" access to db resources, then your cgi (request handler) accesses the data using a connection from the "minimal rights" connection pool. A user needing "greater rights" would have the cgi access the database from the "greater rights" pool.
That sounds like an excellent compromise. How do you typically handle
the mechanics of authentication from web server to PostgreSQL on the
connect, using this scheme?
--
Why waste time learning when ignorance is instantaneous?
-- Hobbes
Keith G. Murphy said:
That sounds like an excellent compromise. How do you typically handle the mechanics of authentication from web server to PostgreSQL on the connect, using this scheme?
Sorry but I can't help you out here, I'm too much of a newbie with
Postgres - I was hoping that someone else would answer your part 1! :)
John
John Sidney-Woollett wrote:
Keith G. Murphy said:
That sounds like an excellent compromise. How do you typically handle the mechanics of authentication from web server to PostgreSQL on the connect, using this scheme?
Sorry but I can't help you out here, I'm too much of a newbie with Postgres - I was hoping that someone else would answer your part 1! :)
John
Perhaps I can answer my own question. I could use ident and a map that
lists the web server username as able to map to the different "role"
usernames. Unfortunately, that still would allow the web server account
to "fake" role names.
If the "real" PostgreSQL accounts do not coincide to the
browser-authenticated usernames, I don't see a good way to use PAM/LDAP
or another mechanism to require that PostgreSQL itself makes sure that
the given username and password are valid. Not saying that's a big
problem, but...
Hmmm, mightn't it be kind of nice if there were PAM or krb5 maps in
addition to ident maps?
--
Why waste time learning when ignorance is instantaneous?
-- Hobbes
Keith G. Murphy said:
Perhaps I can answer my own question. I could use ident and a map that lists the web server username as able to map to the different "role" usernames.
Someone else also mentioned and I personally agree that it's better to
authenticate in the application layer (using whatever technology takes
your fancy), and then use the webserver's generic/pooled connection to
communicate with the database.
Your user and role mapping info could be stored within the database, or
accessed from an LDAP server, or some such.
Unfortunately, that still would allow the web server account to "fake" role names.
Make the application layer robust and secure and it may not be so much of
a problem.
John
On Tue, 13 Jan 2004, Keith G. Murphy wrote:
I'm trying to get a feel for what most people are doing or consider best practice.
Given a mod_perl application talking to a PostgreSQL database on the same host, where different users are logging onto the web server using LDAP for authentication, do most people
1) have the web server connecting to the database using its own user account (possibly through ident), and controlling access to different database entities strictly through the application itself
2) have the web server connecting to the database actually using the user's account (possibly using LDAP authentication against PostgreSQL), and controlling access to different database entities through GRANT, etc.
Obviously, (2) leads to more database connections, and you still have to have the application do some work in terms of which forms are available to which users, etc. But I'm a little worried about whether it's best security practice.
I do (1). Different language (PHP), same basic thing though. All security
is handled by ACLs I build myself in PostgreSQL and interrogate via my own
application.
"Keith G. Murphy" <ke******@mindspring.com> writes:
Hmmm, mightn't it be kind of nice if there were PAM or krb5 maps in addition to ident maps?
ISTM the whole point of PAM is that you plug in your desired security
policy outside of the application. You shouldn't be asking for more
security frammishes from Postgres, you should be off coding a PAM module
that does things exactly the way you want.
regards, tom lane
Tom Lane wrote:
"Keith G. Murphy" <ke******@mindspring.com> writes:
Hmmm, mightn't it be kind of nice if there were PAM or krb5 maps in addition to ident maps?
ISTM the whole point of PAM is that you plug in your desired security policy outside of the application. You shouldn't be asking for more security frammishes from Postgres, you should be off coding a PAM module that does things exactly the way you want.
I believe I see what you mean. Given the original premise, I imagine
you could have the PAM module do something like:
(1) Authenticate via LDAP using the user's username and password
(2) Look up the "role" name (real PostgreSQL username) via LDAP, using
the username
(3) Tell PostgreSQL that the user is authenticated under role name.
I really hadn't thought much about how the PAM module might work.
--
Why waste time learning when ignorance is instantaneous?
-- Hobbes
On Tue, Jan 13, 2004 at 11:15:30 -0600,
"Keith G. Murphy" <ke******@mindspring.com> wrote:
Perhaps I can answer my own question. I could use ident and a map that lists the web server username as able to map to the different "role" usernames. Unfortunately, that still would allow the web server account to "fake" role names.
If you can't trust the web server account then you probably want to use
a system where cgi-bin programs are run as different users.
If you have untrusted users who can supply their own cgi-bin programs
then using a common uid which all cgi-bin programs run under isn't
secure.
If the "real" PostgreSQL accounts do not coincide to the browser-authenticated usernames, I don't see a good way to use PAM/LDAP or another mechanism to require that PostgreSQL itself makes sure that the given username and password are valid. Not saying that's a big problem, but...
I don't think using information received from the browser to authenticate
versus the postgres server works when you can't be assured that the
cgi-bin program doing the checking is trustworthy.