From: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
---|---|
To: | "Adam Witney *EXTERN*" <awitney(at)sgul(dot)ac(dot)uk> |
Cc: | "pgsql-general" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Is this a security risk? |
Date: | 2008-12-17 14:44:14 |
Message-ID: | D960CB61B694CF459DCFB4B0128514C202E2734A@exadv11.host.magwien.gv.at |
Lists: | pgsql-general |
Adam Witney wrote:
>>> I would like to provide a limited view of my database to some users,
>>> so I thought of creating a second database (I can control access by
>>> IP address through pg_hba.conf) with some views that queried the first
>>> database using dblink.
>>
>> In my opinion dblink is not the right tool for that.
>> It will require a user account on the "secret" database through which
>> dblink accesses it. You'd have to restrict permissions for that user
>> if you want to keep the thing secure.
>>
>> So why not access the "secret" database directly with that user and
>> get rid of the added difficulty of dblink?
>>
>> You can rely on the permission system. Just grant the user the
>> appropriate privileges on the necessary objects, and if you need the
>> user to see only part of the data in a table, create a view for that.
>
> Thanks for your reply,
>
> The user already has permissions within the 'secret' database, but
> normally they interact with it through a web interface only. I was
> worried that the user could get in and mess around with other things,
> such as the sequences which are used to populate primary keys.
>
> Also, ideally I only wanted to create read-only access to certain
> parts of the database, I couldn't think of any other way to do it...
> are there any more standard ways of doing this?

Yes.
You grant read access with GRANT SELECT ON table/view TO user.
It's no less secure than accessing a database as that user via dblink.

Yours,
Laurenz Albe
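
The approach described in the reply above, as an added example that is not part of the original message: a read-only role that can see one view and nothing else, with a check of its privileges on the base table and the key sequence. The names samples, public_samples, report_reader and secretdb, the password and the address range are assumptions; run it with psql as a superuser in a scratch database.

```sql
-- Added example; samples, public_samples, report_reader and secretdb
-- are hypothetical names.
BEGIN;  -- rolled back at the end, so nothing persists

-- Stand-in for a table in the "secret" database, with a sequence-backed key.
CREATE TABLE samples (
    id        serial PRIMARY KEY,   -- creates sequence samples_id_seq
    name      text    NOT NULL,
    notes     text,                 -- internal column, not to be exposed
    is_public boolean NOT NULL DEFAULT false
);

-- The view exposes only chosen columns and rows.
CREATE VIEW public_samples AS
    SELECT id, name FROM samples WHERE is_public;

-- Dedicated login role that owns nothing (placeholder password).
CREATE ROLE report_reader LOGIN PASSWORD 'replace-me';

-- Before PostgreSQL 15 every role could create objects in schema public.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- The only privilege granted: read access to the view. The view is
-- evaluated with its owner's rights, so no grant on samples is needed.
GRANT SELECT ON public_samples TO report_reader;

-- Check what the role can reach: the view, the base table, the sequence.
SELECT
    has_table_privilege('report_reader', 'public_samples', 'SELECT')
        AS read_view,
    has_table_privilege('report_reader', 'samples', 'SELECT')
        AS read_table,
    has_table_privilege('report_reader', 'samples', 'INSERT, UPDATE, DELETE')
        AS write_table,
    has_sequence_privilege('report_reader', 'samples_id_seq', 'USAGE, UPDATE')
        AS touch_sequence;

ROLLBACK;

-- pg_hba.conf line (not SQL) limiting where the role may connect from;
-- database name and address range are constructed:
--   host  secretdb  report_reader  192.0.2.0/24  scram-sha-256
```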