From: | Sandro Dentella <sandro(at)e-den(dot)it> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | permission in the db or in the application? |
Date: | 2006-12-18 12:10:06 |
Message-ID: | 20061218121006.GA8854@casa.e-den.it |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hi all,
I'm starting a project in which I will use PostgreSQL in which I need to
check permissions at different levels (eg.: status of a record, hierarchy
and so on). The application needs to run with a web interface (sigh!).
At first I thought i'd like to put as much permission logic as possible in
the database, and I was willing to evaluate veil for that.
The reasons where mainly two:
1. to be sure that those permission where observed independently from the
way I was accessing the data. No way to create security 'holes'
2. simplicity in the code
Some days ago I read an e-mail of somebody that strongly opposed to using
a db other than for ACID features.
I'd like to hear from this list some thoughts on this subjects.
thanks
sandro
*:-)
--
Sandro Dentella *:-)
http://www.tksql.org TkSQL Home page - My GPL work
From | Date | Subject | |
---|---|---|---|
Next Message | riki | 2006-12-18 13:09:22 | Re: installing postgres on win Me... |
Previous Message | Raymond O'Donnell | 2006-12-18 11:37:28 | Re: installing postgres on win Me... |