Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Y
Y
Yuri2019-11-08 09:40:21
PostgreSQL
Yuri, 2019-11-08 09:40:21

How to delimit data visibility in Postgresql tables?

There is a certain Postgresql system serving several client companies. Due to the specifics of the activity, customer data cannot be divided into different databases, schemas, tables (i.e., data from different customers are in the same tables). At the moment, the separation of access to data is implemented at the level of the client application. The client is given an application with its specific identifier, and it "does not show" other people's data, but the logins / passwords of users within the client company are different (necessary for auditing). If you connect using third-party software with these logins / passwords, you will have access to all data. Naturally, it’s hard to even call this a security hole, it’s just open data in the palm of your hand.
We need advice on how to distinguish between the visibility of data, and indeed on the architecture of such systems.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
M
Melkij, 2019-11-08
@ploop

RLS is what you want to hear.
A separate service between the database and clients not controlled by you is what you need to do. The base in the world should not be open. DoS is done quite simply even without knowing the passwords, and even with access ...

Report
R
Rsa97, 2019-11-08
@Rsa97

Move from direct access to the database to the client-server option. Then the client will see only what your server gives him.

Similar questions
A
Anton2019-03-06 09:30:19
What Grafana Dashboard are you using for updated postgres_exporter queries? 1Reply
B
Black back2020-11-30 15:18:03
How can such a request be made? 1Reply
S
Sam Stay2014-10-12 06:33:33
Why is PostgreSQL 9.3 not included in ISPManager 4 Pro? 1Reply
B
B1ackGh0st2019-03-13 10:39:07
Is it possible to dynamically create flask and SQLAlchemy db tables via Flask-admin? 0Reply
D
delkov2016-10-14 12:06:05
File transfer. How to write to the database from another server? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question