From: | Dick Davies <rasputnik(at)hellooperator(dot)net> |
---|---|
To: | "Dearman, Rick" <rick(dot)dearman(at)teamuk(dot)telstra(dot)com> |
Cc: | General PostgreSQL list <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Create a cache DB between web portal and internal DB? |
Date: | 2004-12-21 10:31:34 |
Message-ID: | 20041221103134.GB12067@lb.tenfour |
Lists: | pgsql-general |
* Dearman, Rick <rick(dot)dearman(at)teamuk(dot)telstra(dot)com> [1245 05:45]:
> I have a requirement from my security manager but I can't seem to find a good solution.
> So I wondered if someone had done something similar.
>
> We have a web portal and a DB in PostgreSQL (obviously) which contains user data.
> The portal is accessed by account managers who have access to only specific user accounts.
> This all works fine; however, the concern is that if you ever got access more directly
> into the DB through a hack, or poorly designed site code,
> you could potentially access information that you shouldn't.
>
> So the idea that he is floating is that we create a cache DB between the portal and the
> main DB which will only keep the information currently being worked on by the person logged in,
If I was you, I'd have major concerns and have a chat with the manager in question.
How is that going to help anything - surely the cache DB would have to do a
query to populate itself anyway, which you have to check to gain any security benefit?
You're in a similar boat for updates.
If you're going to check the queries it makes somehow, just do those checks on the queries
you get in the first place.
This sounds like a pain in the arse to implement, maintain and debug with no benefits.
Far better to spend that time cleaning up your application code and implementing a decent backup
policy.
--
'A little rudeness and disrespect can elevate a meaningless interaction
into a battle of wills and add drama to an otherwise dull day.'
-- Calvin discovers Usenet
Rasputin :: Jack of All Trades - Master of Nuns