Re: How to configure PostgreSQl for low-profile users
| От | Bill Moran |
|---|---|
| Тема | Re: How to configure PostgreSQl for low-profile users |
| Дата | |
| Msg-id | 20090318170018.aa77e854.wmoran@potentialtech.com обсуждение исходный текст |
| Ответ на | How to configure PostgreSQl for low-profile users ("dfx" <dfx@dfx.it>) |
| Список | pgsql-general |
In response to "dfx" <dfx@dfx.it>: > Dear Sirs, > > I would like to rent a my application to a number of customer, each with a > dedicated database (and perhaps a dedicated username). > > The database will be installed on 'public IP' machine and will be accessed > by internet on standard port 5432 and using ODBC driver from several clients > (whith the client part of the procedure installed on each machine). > > My questions are: > > It is possible to configure the security policy so that the simple users > (the customer, in this case) can only read, write, update end delete data to > the dedicated database AND NOTHING ELSE, particularly: > > - I would like to create each database with a different (customer) username > (only one per database, in addition to the standard user postgres) > - The user (customer): > ---- cannot change his own username and the password > ---- cannot backup the database > ---- cannot read (the text of) the stored procedures, but execute only > ---- cannot know the 'existence' of the other databases A lot of these aren't supported (the "existence" thing, in particular) If you really need to prevent users from knowing about each other, you'll probably be better off using a virtual machine infrastructure to give each client a dedicated DB system. FreeBSD jails are particularly useful for this because of how lightweight they are. -- Bill Moran http://www.potentialtech.com http://people.collaborativefusion.com/~wmoran/
В списке pgsql-general по дате отправления: