From: | "John Sidney-Woollett" <johnsw(at)wardbrook(dot)com> |
---|---|
To: | "Keith G(dot) Murphy" <keithmur(at)mindspring(dot)com> |
Cc: | johnsw(at)wardbrook(dot)com, "pgsql-general" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Best practice? Web application: single PostgreSQL |
Date: | 2004-01-13 17:24:11 |
Message-ID: | 4737.192.168.0.64.1074014651.squirrel@mercury.wardbrook.com |
Lists: | pgsql-general |
Keith G. Murphy said:

> Perhaps I can answer my own question. I could use ident and a map that
> lists the web server username as able to map to the different "role"
> usernames.

Someone else also mentioned and I personally agree that it's better to
authenticate in the application layer (using whatever technology takes
your fancy), and then use the webserver's generic/pooled connection to
communicate with the database.

Your user and role mapping info could be stored within the database, or
accessed from an LDAP server, or some such.

> Unfortunately, that still would allow the web server account
> to "fake" role names.

Make the application layer robust and secure and it may not be so much of
a problem.

John
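
The approach described in the message above, as an added example that is not part of the original email: the application authenticates the user, reads the role from a mapping table in the database, and authorizes each action over one shared connection. The table names, the sample accounts, the `claimed_role` parameter and the use of sqlite3 as a stand-in for the pooled PostgreSQL connection are all assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

# Stand-in for the web server's single pooled connection (sqlite3 so the
# example runs offline; in the thread's setup this would be PostgreSQL).
pool = sqlite3.connect(":memory:")
pool.executescript("""
    CREATE TABLE app_user (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, role TEXT);
    CREATE TABLE role_perm (role TEXT, action TEXT, PRIMARY KEY (role, action));
    INSERT INTO role_perm VALUES ('clerk', 'read_orders'),
                                 ('manager', 'read_orders'),
                                 ('manager', 'refund_order');
""")

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(name, password, role):
    salt = os.urandom(16)
    pool.execute("INSERT INTO app_user VALUES (?, ?, ?, ?)",
                 (name, salt, _hash(password, salt), role))

def authenticate(name, password):
    """Return the user's role from the mapping table, or None on failure."""
    row = pool.execute("SELECT salt, pw_hash, role FROM app_user WHERE name = ?",
                       (name,)).fetchone() or (b"\0" * 16, b"", None)
    salt, stored, role = row  # unknown users still cost one hash computation
    return role if hmac.compare_digest(stored, _hash(password, salt)) else None

def authorize(role, action):
    """Check the server-side role against the permission table."""
    if role is None:
        return False
    return pool.execute("SELECT 1 FROM role_perm WHERE role = ? AND action = ?",
                        (role, action)).fetchone() is not None

def handle_request(name, password, action, claimed_role=None):
    # claimed_role models a role name supplied by the client; it is ignored,
    # so a caller cannot "fake" a role the mapping table does not give them.
    return authorize(authenticate(name, password), action)

# Constructed sample accounts
add_user("alice", "correct horse", "manager")
add_user("bob", "battery staple", "clerk")
```

The role used for the permission check always comes from the stored mapping for the authenticated user, never from the request.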