Re: Best practice? Web application: single PostgreSQL

From: Shridhar Daithankar <shridhar_daithankar(at)myrealbox(dot)com>
To: pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: Best practice? Web application: single PostgreSQL
Date: 2004-01-14 05:43:07
Message-ID: 200401141113.07715.shridhar_daithankar@myrealbox.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Tuesday 13 January 2004 22:13, Keith G. Murphy wrote:
> John Sidney-Woollett wrote:
> > What you could consider is one or more pools which map to the "roles"
> > that your (web) app supports. For example, if a user needs "minimal
> > rights" access to db resources, then your cgi (request handler) accesses
> > the data using a connection from the "minimal rights" connection pool. A
> > user needing "greater rights" would have the cgi access the database from
> > the "greater rights" pool.
>
> That sounds like an excellent compromise. How do you typically handle
> the mechanics of authentication from web server to PostgreSQL on the
> connect, using this scheme?

Umm.. I doubt role specific pooling is required. You can use set session
authorization to switch authorization of any connection.

Of course you need to connet to database as super user though. That is real
downside. If your webapp. breaks, the database can not provide any security.

Shridhar

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Martijn van Oosterhout 2004-01-14 05:51:05 Re: Optimising SQL Queries?
Previous Message Christopher Browne 2004-01-14 05:18:10 Re: serverless postgresql