| From: | Greg Speegle <Greg(at)10happythings(dot)com> |
|---|---|
| To: | pgsql-interfaces(at)postgresql(dot)org |
| Subject: | Re: Connecting remotely - multi tier |
| Date: | 2000-11-02 20:32:49 |
| Message-ID: | 3A01CF71.B5613B21@10happythings.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-interfaces |
Good point. I should know better than to say anything has to be done
a particular way, as there will always be different environments with
different requirements. However, I would always be reluctant to
expose the database to the world if it contained anything important.
Greg Speegle
Adam Lang wrote:
> But if you are an inhouse developer and the database is only in huse and the
> client is only in house and the database is not open to the public, do you
> still have to use development time to build that "middle tier" just so you
> can roll out an app that uses the company database?
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> ----- Original Message -----
> From: "Greg Speegle" <Greg(at)10happythings(dot)com>
> To: <pgsql-interfaces(at)postgresql(dot)org>
> Sent: Thursday, November 02, 2000 2:42 PM
> Subject: Re: [INTERFACES] Connecting remotely - multi tier
>
> >
> >
> > keke abe wrote:
> >
> > > Adam Lang wrote:
> > >
> > > > Ok... so if I am writing a distributed application in windows that
> will use
> > > > a Postgresql backend, I should have the client interface another
> "server"
> > > > application, which will inturn access/retrieve informaton from the
> database?
> > >
> > > I'd like to know if this kind of layering is mandatory or not. Is it
> really
> > > unacceptable to expose the Posgresql backend to the rest of the world?
> Is
> > > there anything that I should be aware of if I let the clients to talk to
> > > the backend directly.
> > >
> > > regards,
> > > abe
> >
> > I'd say it is mandatory. You are opening yourself up as an easy target for
> > hackers if they can go directly to your database. Think about it. If any
> > hole in the database security is discovered, then your goose is cooked
> > right away. Getting the database off the web and behind a firewall should
> > be the least you do. That gives you two levels of protection -- the
> firewall
> > and the database.
> >
> > Plus, on the postgresql side, it is much easier to have one restricted
> user
> > account from one specific machine than to try to manage thousands of
> > dynamically created accounts.
> >
> > Just my opinion, of course.
> >
> > Greg Speegle
> >
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Clark, Joel | 2000-11-02 21:49:09 | RE: Connecting remotely - multi tier |
| Previous Message | Adam Lang | 2000-11-02 19:57:02 | Re: Connecting remotely - multi tier |