> As far as doing client/server stuff with just a database engine,
> unless you have tight control over the environment end to end, from a
> security pov, it's not a good idea to expose the database engine
> itself to the internet. Better to put a restricted web services API
> in front of it that handles all the authorization needs
> (access-control) on the detailed level that you require.

Excuse me but that's bullshit.

PostgreSQL is definitely more secure than any self-made RPC protocol with a self-made "web" server on top of SQLite that re-invents what PostgreSQL provides "out of the box" and much more efficient than http could ever do it.

Experience with security of PostgreSQL servers exposed to "the internet" has been capitalised for much more than a decade now. You won't get anywhere close to that level of security (and reliability) with your private self-made webnonsense anytime soon.

And if there's anything that all those script kiddies know their way with, it's http servers.

Sincerely,

Wolfgang

--
http://mail.python.org/mailman/listinfo/python-list