> > webclient <---> proxy <---> Postgres > >Ok. Pluses: > >- The standalone program is easier to hack together than delving into the > database I could probably just hack on SQL Relay or something. >- The proxy can be as tightly secured as the database without losing > functionallity, as it only needs to accept a connection from the secure > web server. > >Minuses: > >- Another machine to buy >- Root on the proxy is as bad as root was on the secure server, so.. >- The simple hack will need thorough security auditing >- It's yet another machine to secure. >- It's yet another point of failure. If you're not too afraid you could try running the proxy server on the database. Check out Perl's DBD Proxy and Server. I believe you can use it to limit the sort of queries that go through. In fact you could probably use it write a proxy which only does a handful of queries - where the SQL is prestored/hardcoded in the proxy, so in effect all the client can supply are the parameters. Now, the question is - would the DBD proxy be fast, robust and safe enough for you... Also another issue is you will probably need to use perl at the relevant webapps- the client (webapp) will use DBD proxy to talk to DBD server which will then talk to the actual database. Cheerio, Link.
