Re: Re[2]: Restricting queries by the presence of a WHERE clause
| От | Lincoln Yeoh |
|---|---|
| Тема | Re: Re[2]: Restricting queries by the presence of a WHERE clause |
| Дата | |
| Msg-id | 3.0.5.32.20000629090919.00925d90@pop.mecomb.po.my обсуждение исходный текст |
| Ответ на | Re[2]: Restricting queries by the presence of a WHERE clause (John Morton <jwm@plain.co.nz>) |
| Список | pgsql-general |
> > webclient <---> proxy <---> Postgres > >Ok. Pluses: > >- The standalone program is easier to hack together than delving into the > database I could probably just hack on SQL Relay or something. >- The proxy can be as tightly secured as the database without losing > functionallity, as it only needs to accept a connection from the secure > web server. > >Minuses: > >- Another machine to buy >- Root on the proxy is as bad as root was on the secure server, so.. >- The simple hack will need thorough security auditing >- It's yet another machine to secure. >- It's yet another point of failure. If you're not too afraid you could try running the proxy server on the database. Check out Perl's DBD Proxy and Server. I believe you can use it to limit the sort of queries that go through. In fact you could probably use it write a proxy which only does a handful of queries - where the SQL is prestored/hardcoded in the proxy, so in effect all the client can supply are the parameters. Now, the question is - would the DBD proxy be fast, robust and safe enough for you... Also another issue is you will probably need to use perl at the relevant webapps- the client (webapp) will use DBD proxy to talk to DBD server which will then talk to the actual database. Cheerio, Link.
В списке pgsql-general по дате отправления: