野村 wrote:
> Web pages have username and password with basic, digest or ldap
> authorization. So if I createuser with same user and password, and if
> there is md5 or something to encode password, I wonder javascript
> connects to postgres securely.
>
for that to work, irregardless of security aspects, the postgres client
libraries would have to be installed on each web browser system, in a
form that javascript could invoke. However, I've not heard of any
javascript -> postgres bindings suitable for use in a webbrowser context...
Javascript in a webbrowser is running in a sort of sandbox and isn't
supposed to be allowed to make its own network connections, or call
system libraries directly, allowing this would be a gross security flaw
(for instance, a hostile web page could take over a users computer).
