On Sat, 2006-25-03 at 10:11 -0800, Chris Travers wrote:
> Leif Jensen wrote:
>
> > Hello,
> >
> > I have with great interrest been following this thread. We have a
> >(small) flame war in house about this and I'm very happy about all the
> >arguments I have seen. I'm a long time user of PostgreSQL (which possibly
> >makes me a bit biased ;-) ) and I think it's great. I'm not a big database
> >expert, but I try to make things as good and standard as I can.
> >
> > In this respect I have 3 questions:
> >
> >1) I wonder that no one has mentioned anything about security issues in
> >those two. I know that I'm a novice and that I didn't use MySql very much,
> >but it seems to me that the PostgreSQL security is much better than MySql
> >!?
> >
> >
> >
> Most people on the list only grudgingly use MySQL and so most are not so
> well aware of the limitations of MySQL's security model.
>
> MySQL has no concept of group memberships or group permissions (or the
> more complex role permissions). The permissions are simply at the level
> of the individual user. When I have coded complex apps on MySQL, I have
> sometimes found it necessary to emulate this level of permission so that
> the permissions can be "compiled" down to individual permissions on the
> tables. It is a real pain sometimes.
One thing that MySQL does have over PostgreSQL is column level
permissions.
I rarely need them and similar effects can be achieved joining data
from tables with different permissions.