Re: [GENERAL] Re: pgsql-general-digest V1 #550

Hi Manuel,

If security is an issue then it is a good idea to keep the part of the
application that accesses the database on a secure system. Because a lot of
bad things are possible if the entire application runs on an uncontrolled
client and is given great authority and direct access to the database.

e.g.
Entire application (UPDATE,DELETE,INSERT ability)
|
Uncontrolled system
|
|database connection
|
| --Boundary of control--
database server

vs

Auxiliary application
|
Uncontrolled client/system
|
|network connection/HTTP/HTTPS
|
|  --Boundary of control--
Application server/webserver
|
Main application (decides what can be done)
|
|database connection
|
database server

Of course if you are only allowing SELECTs to a few nonsensitive tables
then it's not a problem. However if you are going to expand the application
later and it needs to do INSERTS etc, then maybe some thought has to go
into the architecture.

To be clear, you can still use Java with the 2nd architecture, it can be on
the client and/or the application server.

For java links try http://java.sun.com/
Or do a search for stuff like JDBC at www.google.com

I'm not too fond of Java myself - system programming language with the
"speed" of a scripting language. Plus, every other step you have to pay
significant money, unlike stuff like Perl,Python,Tcl.

Cheerio,

Link

At 05:53 PM 01-12-1999 +0800, Manuel Cabido wrote:
>Sir:
>
>   I working on an application that needs to access the postgresql
>database using a web page. Java was suggested to me as a very good
>platform. Can anyone give me some ideas where i can obtain some components
>like the database components available to delphi or visual basic which i
>can use in my web page using java?