Security Issues: Allowing Clients to Execute SQL in the Backend.
| От | Hello World |
|---|---|
| Тема | Security Issues: Allowing Clients to Execute SQL in the Backend. |
| Дата | |
| Msg-id | CAB8jeLnU1=aJdh-UYTODo8LspDm0hpCDj=ALc7V2UXxayCHCTA@mail.gmail.com обсуждение исходный текст |
| Ответы |
Re: Security Issues: Allowing Clients to Execute SQL in
the Backend.
Re: Security Issues: Allowing Clients to Execute SQL in the Backend. Re: Security Issues: Allowing Clients to Execute SQL in the Backend. |
| Список | pgsql-general |
Hello!
I'm developing a web application that needs to display data from a postgres backend.[ App/Client ] -----> query in SQL ---> [Web server] ---> same SQL query --> [PG database]
***********
I would simply use the roles/permssion system inside Postgres to determine what users
can do and cannot do. Clients have to authenticate as one of the roles (not superusers) defined in the database.
************
can do and cannot do. Clients have to authenticate as one of the roles (not superusers) defined in the database.
************
Given this are there any security other issues about letting client applications execute arbitrary SQL commands on the backend database?
Thanks.
В списке pgsql-general по дате отправления: