[baseten-users] Client-server app

Daniel Brajkovic daniel at brajkovic.com
Wed Jul 8 18:04:54 EEST 2009 

Thanks. #2 sounds like the better plan for scalability. Except, I am  
not very well versed in SQL or in PostgreSQL's rule system. My skills  
on the DB side are limited to create in XCode modeler, and run BaseTen  
assistant.  I tried reading PGL's documentation and I probably just  
got more confused.

Is there any chance someone can put up a simple tutorial on the wiki  
regarding this.



On Jul 7, 2009, at 5:03 AM, Marko Karppinen wrote:

> On 7 Jul 2009, at 00:21, Daniel Brajkovic wrote:
>> My goals are 1) encrypted communication and 2) ability to make sure  
>> that only instances of my app are connecting to my db. Someone with  
>> PGAdmin should not be able to connect even if they learned of a PG  
>> role and password.
>
>
> Accomplishing the second goal in a secure fashion does not sound  
> feasible to me.
>
> You should define your schema and its permissions so that a user  
> could access Postgres directly and still not gain access to anything  
> they shouldn't see.
>
> You mentioned earlier that each customer has data that only they  
> should see. You have a couple of options:
>
> 1) Customer-specific schema or database. This is easiest from a  
> development perspective, but feasibility depends on the number of  
> customers you are planning for.
> 2) View-only access. You only grant your users access to views of  
> your data that are qualified with a clause like WHERE user =  
> current_user, and write the corresponding rules that allow inserts/ 
> updates/deletes to these views. You can enable these views in  
> BaseTen Assistant just like a physical table.
>
> Both approaches work fine with BaseTen.
>
> Marko
>
>
> _______________________________________________
> baseten-users mailing list
> baseten-users at lists.basetenframework.org
> http://lists.basetenframework.org/mailman/listinfo/baseten-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2423 bytes
Desc: not available
URL: <http://lists.basetenframework.org/pipermail/baseten-users/attachments/20090708/daaaa971/attachment.bin>

More information about the baseten-users mailing list