My team has created a Postgres database and I'm trying to work on some security concerns.
Quick background: We are moving from an Oracle DB to Postgres DB. With Oracle we used multiple db to store data that is concidered sensitive when placed together (much like storing a username and password in the same location). We cannot use the dblink extension for Postgres, and have been given some leniency to test the idea of separating the data by schema. Access for users will be through a html/PHP GUI, and all queries are predetermined, so there is limited access that way.
I know that you can set the schema permissions based on user accounts,this has to be written into the PHP so that the script can gain access to the db/schema/tables. (Enter the Security Team) If someone "hacks in" and gains access to the PHP portion of the code, they will have access to the usernames and passwords for the db.
So my question is can you grant access to the db not by a user account but grant it to the script itself? So that the script would not need a username/password written into it?
