| From: | "Keith G(dot) Murphy" <keithmur(at)mindspring(dot)com> |
|---|---|
| To: | johnsw(at)wardbrook(dot)com |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Best practice? Web application: single PostgreSQL |
| Date: | 2004-01-13 16:43:29 |
| Message-ID: | 40042031.1000005@mindspring.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
John Sidney-Woollett wrote:
> Keith G. Murphy said:
>
>>2) have the web server connecting to the database actually using the
>>user's account (possibly using LDAP authentication against PostgreSQL),
>>and controlling access to different database entities through GRANT, etc.
>
>
> My experience with java web/app servers indicates that for most setups
> using a pool of connections is preferable to using a single connection per
> connected user - it scales much better.
>
> What you could consider is one or more pools which map to the "roles" that
> your (web) app supports. For example, if a user needs "minimal rights"
> access to db resources, then your cgi (request handler) accesses the data
> using a connection from the "minimal rights" connection pool. A user
> needing "greater rights" would have the cgi access the database from the
> "greater rights" pool.
>
That sounds like an excellent compromise. How do you typically handle
the mechanics of authentication from web server to PostgreSQL on the
connect, using this scheme?
--
Why waste time learning when ignorance is instantaneous?
-- Hobbes
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John Sidney-Woollett | 2004-01-13 16:44:33 | Re: Best practice? Web application: single PostgreSQL |
| Previous Message | John Sidney-Woollett | 2004-01-13 16:42:45 | Re: Postgress and MYSQL |