Re: [GENERAL] Not clear how to switch role without permitting switch back
| От | George Neuner |
|---|---|
| Тема | Re: [GENERAL] Not clear how to switch role without permitting switch back |
| Дата | |
| Msg-id | 9u2a7c97nc6s60rdh39us7lpohhghf6lpb@4ax.com обсуждение исходный текст |
| Ответ на | [GENERAL] Not clear how to switch role without permitting switch back (Guyren Howe <guyren@gmail.com>) |
| Список | pgsql-general |
On Mon, 9 Jan 2017 23:05:47 -0800, Guyren Howe <guyren@gmail.com> wrote: >For my Love Your Database Project: > >https://medium.com/@gisborne/love-your-database-lydb-23c69f480a1d#.8g1ezwx6r <https://medium.com/@gisborne/love-your-database-lydb-23c69f480a1d#.8g1ezwx6r> > >Im trying to see how a typical web developer might use Postgres >roles and row-level security to implement their authorization. > >What Im struggling with is that connection pooling seems to make >straightforward use of the roles to enforce access impossible. > >If Im using a connection pool, then Im not re-connecting to >Postgres with the user for the current transaction. But then my >only option is to use SET ROLE. But that is not much security at >all, because the current user can just do SET ROLE back to the >(presumably privileged) default, or to any other users role. > >What am I missing here? That middleware can control what a user is permitted to do. YMMV, but to me "web application" means there is a server-side program sitting in front of the database and controlling access to it. I grudgingly will permit *compiled* clients direct connection to an Internet facing database, but I am dead set against allowing direct connection from any browser hosted code because - regardless of any "shrouding" that might be done - browser code is completely insecure, accessible to anyone who can right-click on the page. George
В списке pgsql-general по дате отправления: