On Tue, Aug 16, 2011 at 1:47 PM, Chris Travers <chris.trav...@gmail.com> wrote: > On Tue, Aug 16, 2011 at 11:08 AM, Merlin Moncure <mmonc...@gmail.com> wrote: > >> why not? if you are serving http, just put thin connection pooler in >> your http server (node.js would be great for that). if you are >> serving libpq directly, you can pool with pgbouncer. >> > Who enforces security and how?
*) http wrapper (example node.js): check security in the wrapper. presumably your application server would be keeping sessions state independently of database session and would do verification on every call. *) stock pgbouncer: there is essentially no strong way of checking security. what we ended up doing was modifying pgbouncer to keep track of the client auth and building a query whitelist. very simple and effective. we also added in support for listen/notify. imagine interacting directly with remote agents inside the psql console and being able to join client provided data to other tables in the database :-). ad hoc sql obviously can't be allowed from an untrusted source. merlin -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
