Forgive me if this is a basic and trivial (i.e., stupid) question. I haven't
been using postgres very long, and I'm not an experienced database system
developer.
I noticed that there is a very powerful group-based security feature in
postgres. Very nice - I like it alot. So one way to implement security
constraints is to define appropriate groups, assign memobership of users
to those groups, and then assign group-based permissions to the assorted
database objects (e.g., tables). Fantastic!
However, ... this requires each entity accessing the databse to be
defined as a user. In the context of a web application, this paradigm
doesn't necessarily make sense since there may be many unknown users.
Somehow those users must be mapped to a "role." I suppose you can map
all unknown users into the user "guest" and then define guest privileges
appropriately.
Is this a good approach? Is there better way to do this? Is there an
altnerate way to consider?
--
% Randy Yates % "My Shangri-la has gone away, fading like
%% Fuquay-Varina, NC % the Beatles on 'Hey Jude'"
%%% 919-577-9882 %
%%%% <ya***@ieee.org > % 'Shangri-La', *A New World Record*, ELO http://home.earthlink.net/~yatescr 2  1566 
I should have mentioned that it seems like the obvious alternative
is to perform security checking at the application layer, preventing
unauthorized access before even attempting to execute a query against
the database.
Comments?
--Randy
Randy Yates <ya***@ieee.org > writes: Forgive me if this is a basic and trivial (i.e., stupid) question. I haven't
been using postgres very long, and I'm not an experienced database system
developer.
I noticed that there is a very powerful group-based security feature in
postgres. Very nice - I like it alot. So one way to implement security
constraints is to define appropriate groups, assign memobership of users
to those groups, and then assign group-based permissions to the assorted
database objects (e.g., tables). Fantastic!
However, ... this requires each entity accessing the databse to be
defined as a user. In the context of a web application, this paradigm
doesn't necessarily make sense since there may be many unknown users.
Somehow those users must be mapped to a "role." I suppose you can map
all unknown users into the user "guest" and then define guest privileges
appropriately.
Is this a good approach? Is there better way to do this? Is there an
altnerate way to consider?
--
% Randy Yates % "My Shangri-la has gone away, fading like
%% Fuquay-Varina, NC % the Beatles on 'Hey Jude'"
%%% 919-577-9882 %
%%%% <ya***@ieee.org > % 'Shangri-La', *A New World Record*, ELO
http://home.earthlink.net/~yatescr
--
% Randy Yates % "Watching all the days go by...
%% Fuquay-Varina, NC % Who are you and who am I?"
%%% 919-577-9882 % 'Mission (A World Record)',
%%%% <ya***@ieee.org > % *A New World Record*, ELO http://home.earthlink.net/~yatescr
Presumably in the context of a web application, you've got control over
the contexts in which users exist and log in. People accessing publicly
accessible page, for instance, might connect as one user; people
accessing content via a login might connect as another.
Basically, for each role your web application creates in terms of types
of users, you can create a postgres user.
Often, it's as simple as creating a single postgres user that acts as a
proxy for the entire web application because, if you're the web
application designer as well, or can have authority over the
application in some way, you can know what sorts of permissions will be
required in the database.
-tfo
On Sep 7, 2004, at 11:39 PM, Randy Yates wrote: Forgive me if this is a basic and trivial (i.e., stupid) question. I
haven't
been using postgres very long, and I'm not an experienced database
system
developer.
I noticed that there is a very powerful group-based security feature in
postgres. Very nice - I like it alot. So one way to implement security
constraints is to define appropriate groups, assign memobership of
users
to those groups, and then assign group-based permissions to the
assorted
database objects (e.g., tables). Fantastic!
However, ... this requires each entity accessing the databse to be
defined as a user. In the context of a web application, this paradigm
doesn't necessarily make sense since there may be many unknown users.
Somehow those users must be mapped to a "role." I suppose you can map
all unknown users into the user "guest" and then define guest
privileges
appropriately.
Is this a good approach? Is there better way to do this? Is there an
altnerate way to consider?
--
% Randy Yates % "My Shangri-la has gone away, fading
like
%% Fuquay-Varina, NC % the Beatles on 'Hey Jude'"
%%% 919-577-9882 %
%%%% <ya***@ieee.org > % 'Shangri-La', *A New World Record*,
ELO
http://home.earthlink.net/~yatescr
---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddres sHere" to ma*******@postg resql.org) This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Quest Master |
last post by:
I am interested in developing an application where the user has an
ample amount of power to customize the application to their needs, and
I feel this would best be accomplished if a scripting language was
available. However, I want to code this application in Python, and I
have not yet heard of an implementation of another scripting language
into Python.
An example of what I mean is this (an implementation of Lua into Ruby
-- which I'd...
|
by: Patrick |
last post by:
I have two ASP pages
payment.asp:
For customers to fill in payment/card details (pre-populating details if
details submitted were invalid and user had to re-fill in details)
confirmorder.asp:
Display the credit card details in hidden fields and also the order details
from Database
My question is
|
by: anon |
last post by:
Post Forwarding question......
For this control below,
<asp:Button runat="server" PostTargetUrl="page2.aspx" />
The Attribute: PostTargetUrl="page2.aspx"
Is this PostTargetUrl Attribute going to be available in the <a> and Html
Controls as well as opposed to just the <asp:Button> control?
|
by: Will |
last post by:
I am looking at using a table with user names, passwords and user rights,
which I would administer. I have read a lot about the shortfalls of this
and the lack of security but the customer does not wish to use Access
security and what they are more focused on is a solution for when a user
performs a critical action the system can verify that it is actually that
user, e.g. Checks User Name and Password in a table in place of just
selecting...
|
by: Greg Strong |
last post by:
Hello All,
What are the best ways to implement security for Access databases (i.e.
..MDB files)?
I ask the question from a general perspective. Why? Well I had written
a prototype database which I split. So I thought that I'd implement
security on it. The security worked great for both groups (i.e. Admins
& Users), but after looking at the detail I took it a little further.
| | |
by: Ivan Demkovitch |
last post by:
Hi!
I have Portal application which is on http. However I like to do user
authentification using SSL
I like approach most sites use:
They have
<form name="loginForm" action="https://sss" method="post">
|
by: Steve Bostedor |
last post by:
Does anyone have an example of how to file.copy as another user? Do I
create a new thread as another user? How is that done?
Thanks!
|
by: Bruno |
last post by:
I have a feature that is hosted on a different domain from the primary one
in a frame, and need to retain values in a cookie.
example: A web page at one.com contains a frame which has a page hosted at
two.com
If I view the frameset from one.com in Firefox, all works well with the
content from two.com. But if trying to view this using IE (with standard
security settings), the cookie set by two.com is not accessible.
|
by: nancy |
last post by:
I am new to PHP but have done other programming
can someone please hold my hand and slowly talk me through some simple
security issues?
I have seen in PHP documents that there are 'strip slashes' commands and
so on but I dont understand where the security issues actually are.
i am writing some scripts that will shell out and call different linux
shell programs such as 'ls' or 'grep' or 'sed' and so on and possibly
update a 'mysql'...
|
by: Earl Anderson |
last post by:
First, I feel somewhat embarrassed and apologetic that this post is lengthy,
but in an effort to furnish sufficient information (as opposed to too little
information) to you, I wanted to supply all of the relevant facts. Second,
despite the fact that I think the obvious 'quick' answer to my question
would be 'Yes', I am seeking your wisdom and recommendation to the question
as to this particular set of circumstances.
I have 20 Security...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| | |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
| | |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
