From: | "Jim C(dot) Nasby" <jim(at)nasby(dot)net> |
---|---|
To: | Josh Berkus <josh(at)agliodbs(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: RFC: Security documentation |
Date: | 2004-02-11 17:46:24 |
Message-ID: | 20040211174624.GC32360@nasby.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Sun, Feb 08, 2004 at 11:24:56PM -0800, Josh Berkus wrote:
> The problem with this approach, of course, is that large application
> developers generally like to make the database fairly "passive" and put all
> business & security logic in the middleware. I do think it would be useful
> for them to realize that they are sacrificing a significant portion of their
> data security by doing so.
Perhaps what would be best is some kind of a 'best practices' guide.
There's far more that people should consider beyond just quoting
strings; Josh's example is just one thing.
If written carefully, such a guide could serve both experienced DBAs as
well as people who are very new to databases, since every database has
it's own prefered way of doing things.
--
Jim C. Nasby, Database Consultant jim(at)nasby(dot)net
Member: Triangle Fraternity, Sports Car Club of America
Give your computer some brain candy! www.distributed.net Team #1828
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"
From | Date | Subject | |
---|---|---|---|
Next Message | Mark Gibson | 2004-02-11 18:03:48 | Re: [GENERAL] dblink - custom datatypes don't work |
Previous Message | Mike Benoit | 2004-02-11 17:32:22 | Re: Summary of Changes since last release (7.4.1) |