PyQT app accessible over network?
Wolfgang Keller
feliphil at gmx.net
Sun Feb 24 09:31:34 EST 2013
> As far as doing client/server stuff with just a database engine,
> unless you have tight control over the environment end to end, from a
> security pov, it's not a good idea to expose the database engine
> itself to the internet. Better to put a restricted web services API
> in front of it that handles all the authorization needs
> (access-control) on the detailed level that you require.
Excuse me but that's bullshit.
PostgreSQL is definitely more secure than any self-made RPC protocol
with a self-made "web" server on top of SQLite that re-invents what
PostgreSQL provides "out of the box" and much more efficient that http
could ever do it. Experience with security of PostgreSQL servers exposed
to "the internet" has been capitalised for much more than a decade now.
You won't get anywhere close to that level of security (and reliability)
with your private selfmade webnonsense anytime soon.
And if there's anything that all those scriptkiddies know their way
with it's http servers.
Sincerely,
Wolfgang
More information about the Python-list
mailing list