Re: Client/Server Security question

From: Hauke Lampe <lampe(at)tucco(dot)de>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Client/Server Security question
Date: 2001-04-22 03:36:26
Message-ID: 20010422053626.A13721@tucco.de
Lists: pgsql-general pgsql-interfaces pgsql-sql

Lonnie Cumberland [lonnie_cumberland(at)yahoo(dot)com] wrote:

> In the interest of security, I am wondering if it is possible to turn off some
> of the functions in the SQL command list such that a user can only communicate
> to the database through our functions.

I suggest using a specialised SQL Proxy on the entry gateway that allows
only a certain set of SQL functions from one host and relays them to the
DB inside. This ensures that possibly dangerous commands like 'DROP' or
'CREATE USER' will never reach the DB regardless of the permissions of
the username used by the proxy.

I don't know of any existing (postgre-)sql proxy solutions yet, though.

> but I only want to allow an outside
> query to only one or two of our selected entry points.

Set appropriate packet filtering rules on both the webserver and the
entry point(s).

HTH,
Hauke

--
Hauke Lampe - TUCCO - The Universal Communication Company
http://www.tucco.de - fon: +49-40-65777-510, fax: +40-40-65777-250
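
The statement check such a proxy would apply before relaying anything, as an added example that is not part of the original message or of any existing proxy. It assumes clients send one statement of the form SELECT fn(literal, ...); the function names and sample statements are hypothetical.

```python
import re

# Hypothetical entry points; stand-ins for "our functions" in the question.
ALLOWED_FUNCTIONS = {"get_account_balance", "list_open_orders"}

# An argument is an integer or a single-quoted string ('' is an escaped quote).
# Backslashes are refused so there is no second escape syntax to reason about.
_ARG = r"(?:-?\d+|'(?:[^'\\]|'')*')"
_CALL = re.compile(
    rf"\s*SELECT\s+([a-z_][a-z0-9_]*)\s*\(\s*(?:{_ARG}(?:\s*,\s*{_ARG})*)?\s*\)\s*;?\s*",
    re.IGNORECASE | re.ASCII,
)
MAX_LEN = 1024


def check_statement(sql, allowed=ALLOWED_FUNCTIONS):
    """Return (True, function_name) if the statement may be relayed,
    otherwise (False, reason). Anything not explicitly recognised is refused."""
    if len(sql) > MAX_LEN:
        return False, "statement too long"
    m = _CALL.fullmatch(sql)  # whole input must be exactly one call
    if m is None:
        return False, "not a single SELECT fn(literal, ...) call"
    name = m.group(1).lower()  # unquoted identifiers fold to lower case
    if name not in allowed:
        return False, "function not on the allowlist"
    return True, name


if __name__ == "__main__":
    # Constructed sample statements, not taken from the thread.
    constructed = [
        "SELECT get_account_balance(42);",
        "select list_open_orders('o''brien', 7)",
        "DROP TABLE accounts",
        "CREATE USER eve",
        "SELECT get_account_balance(1); DROP TABLE accounts",
        "SELECT get_account_balance((SELECT 1))",
        "SELECT version()",
    ]
    for sql in constructed:
        print(check_statement(sql), "<-", sql)
```

The check is deny-by-default: a statement is relayed only when the whole input matches the one accepted shape, so stacked statements, subqueries and comments are refused without being enumerated.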
