[baseten-users] Client-server app
Marko Karppinen
marko at karppinen.fi
Tue Jul 7 13:03:13 EEST 2009
On 7 Jul 2009, at 00:21, Daniel Brajkovic wrote:
> My goals are 1) encrypted communication and 2) ability to make sure
> that only instances of my app are connecting to my db. Someone with
> PGAdmin should not be able to connect even if they learned of a PG
> role and password.
Accomplishing the second goal in a secure fashion does not sound
feasible to me.
You should define your schema and its permissions so that a user could
access Postgres directly and still not gain access to anything they
shouldn't see.
You mentioned earlier that each customer has data that only they
should see. You have a couple of options:
1) Customer-specific schema or database. This is easiest from a
development perspective, but feasibility depends on the number of
customers you are planning for.
2) View-only access. You only grant your users access to views of your
data that are qualified with a clause like WHERE user = current_user,
and write the corresponding rules that allow inserts/updates/deletes
to these views. You can enable these views in BaseTen Assistant just
like a physical table.
Both approaches work fine with BaseTen.
Marko
More information about the baseten-users
mailing list