From: | Luis Alberto Pérez Paz <midriasis(at)gmail(dot)com> |
---|---|
To: | "Marko Kreen" <markokr(at)gmail(dot)com> |
Cc: | d(dot)wall(at)computer(dot)org, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Postgresql + digital signature |
Date: | 2008-01-25 16:57:18 |
Message-ID: | 7f64980c0801250857t2cd2a99dt93df5863eb15c219@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hi Marko,
Actually I have it,
However I was thinking the problem in a wrong way. In my particular case,
the fact of the private key in memory is a good reason for discard the
electronic signature, I mean, in order to have a real protection against the
data modification I need a TSA (time stamping service) or something like
that and my problem grow.
Thanks a lot for your advice (and your time). They were really helpful.
Best Regards,
On Jan 23, 2008 1:59 PM, Marko Kreen <markokr(at)gmail(dot)com> wrote:
> On 1/23/08, Luis Alberto Pérez Paz <midriasis(at)gmail(dot)com> wrote:
> > Very interesting point of view.
> > Yes, you're right about the manage key problem.
> >
> > The grant database access looks like a real solution.
>
> Eh, for some reason I imagined you have have some good reason
> why simple solutions are not enough...
>
>
> Btw, if you try to simply rrestrict access to your data, one good
> way for that is to make all data access and modification go via
> SECURITY DEFINER functions, so that user have no access to
> underlying data tables.
>
> This gives both more flexible access handling than simple GRANTs
> can give you and also give ability to do smooth schema upgrades
> without applications noticing.
>
> --
> marko
>
--
paz, amor y comprensión
(1967-1994)
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2008-01-25 17:05:12 | Re: best way to query |
Previous Message | johnf | 2008-01-25 16:51:47 | Re: exporting postgre data |