I have a requirement from my security manager but I can't seem to find a good
solution. So I wondered if someone had done something similar.
We have a web portal and a DB in PostgreSQL (obviously) which contains user
data. The portal is accessed by account managers who have access to only
specific user accounts. This all works fine however the concern is that if you
ever got access more directly into the DB through a hack, or poorly designed
site code, you could potentially access information that you shouldn't.
So the idea is that he is floating is we create a cache DB between the portal
and the main DB which will only keep the information currently being worked on
by the person logged in, and that any inserts/updates/deletes are passed on to
the main DB through additional layers of security.
Any ideas?
Rick Dearman
-----------------------------------------------------------------------
The information in this email is confidential and may be legally
privileged. It is intended solely for the addressee(s). Access to this
email by anyone else is unauthorised. If you are not the intended
recipient, please delete this e-mail and notify Telstra. Any disclosure
of the contents or recipients, distribution of, copying of or decisions
based on this email by unauthorised persons is prohibited and may be
unlawful.
Telstra Europe Ltd
3 Finsbury Square
London EC2A 1AE
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
