I usually have a DBA available to me, but have to "wing it" this time...
I know what I =want=. What I don't know is ?how? to do it?
I want to set up a web app to have access privileges that allow the
app to communicate only with certain
a= pg stored procedures or
b= java servlets which then talk to pg stored procedures (think
Apache + Tomcat but not J2EE environment with a possible Hibernate layer).
The pg stored procedures will be the only things that have the
privileges to actually do DB IO.
Since the web app can only talk to a restricted set of entities, and
I can "lock down" those entities and/or verify traffic with them to
my heart's content, this seems to be the best way to avoid SQL code
injection, processes that bootstrap their privileges, etc, etc.
So how do I do this?
Ron
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
