| From: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | "Adam Witney *EXTERN*" <awitney(at)sgul(dot)ac(dot)uk>, "pgsql-general" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Is this a security risk? |
| Date: | 2008-12-17 07:48:41 |
| Message-ID: | D960CB61B694CF459DCFB4B0128514C202DCBE33@exadv11.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Adam Witney wrote:
> I would like to provide a limited view of my database to some users,
> so i thought of creating a second database (I can control access by IP
> address through pg_hba.conf) with some views that queried the first
> database using dblink.
In my opinion dblink is not the right tool for that.
It will require a user account on the "secret" database through which
dblink accesses it. You'd have to restrict permissions for that user
if you want to keep the thing secure.
So why not access the "secret" database directly with that user and
get rid of the added difficulty of dblink?
You can rely on the permission system. Just grant the user the appropriate
privileges on the necessary objects, and if you need the user to see
only part of the data in a table, create a view for that.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Herouth Maoz | 2008-12-17 08:38:40 | Copy/delete issue |
| Previous Message | Devrim GÜNDÜZ | 2008-12-17 06:06:02 | Re: Releasing new version of PostgreSQL Live CD |