| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Dale Schmitz <dschmitz4(at)cox(dot)net>, pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: Novice question about users and...rights? |
| Date: | 2017-11-27 18:00:01 |
| Message-ID: | 1511805601.2313.17.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Stephen Frost wrote:
> > Don't have a database user for each application user, but use
> > one database user for the application to connect to the database.
>
> This makes the application have to handle all of the authentication and
> authorization for the user, which certainly requires not only more code
> in the application but may also be more complex.
True, if you give administrative application users the CREATEROLE privilege,
you can map database users to application users and have the database handle
application user management.
It is something I do not see often in the wild, but that does not mean
it is a bad thing (unless you want the application to work with different DBMS).
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2017-11-27 18:13:59 | Re: Novice question about users and...rights? |
| Previous Message | Stephen Frost | 2017-11-27 17:54:23 | Re: Subscription How? |