From: Randy Yates <yates(at)ieee(dot)org>
To: pgsql-general(at)postgresql(dot)org
Subject: Another Security Question: User-based Roles vs. Application Business Rules
Date: 2004-09-08 04:39:53
Message-ID: 7jr5e5m0.fsf@ieee.org
Lists: pgsql-general

Forgive me if this is a basic and trivial (i.e., stupid) question. I haven't
been using postgres very long, and I'm not an experienced database system
developer.

I noticed that there is a very powerful group-based security feature in
postgres. Very nice - I like it a lot. So one way to implement security
constraints is to define appropriate groups, assign membership of users
to those groups, and then assign group-based permissions to the assorted
database objects (e.g., tables). Fantastic!

However, ... this requires each entity accessing the database to be
defined as a user. In the context of a web application, this paradigm
doesn't necessarily make sense since there may be many unknown users.
Somehow those users must be mapped to a "role." I suppose you can map
all unknown users into the user "guest" and then define guest privileges
appropriately.

Is this a good approach? Is there a better way to do this? Is there an
alternate way to consider?
--
% Randy Yates % "My Shangri-la has gone away, fading like
%% Fuquay-Varina, NC % the Beatles on 'Hey Jude'"
%%% 919-577-9882 %
%%%% <yates(at)ieee(dot)org> % 'Shangri-La', *A New World Record*, ELO
http://home.earthlink.net/~yatescr
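
The setup the message describes, as an added example that is not part of the original post: group roles carry the table privileges, a known user is a member of a group, and every unknown web visitor shares one `guest` login. It uses the `CREATE ROLE` syntax of PostgreSQL 8.1 and later (in 2004 the equivalent statements were `CREATE GROUP` and `CREATE USER`); the role names, the `articles` table and the placeholder passwords are assumptions.

```sql
-- Added example; role names, table and passwords are hypothetical.
-- Wrapped in a transaction and rolled back so it leaves nothing behind.
BEGIN;

-- Application data the roles will be granted access to.
CREATE TABLE articles (
    id    serial PRIMARY KEY,
    title text NOT NULL,
    body  text NOT NULL
);

-- Group roles: they cannot log in, they only carry privileges.
CREATE ROLE readers NOLOGIN;
CREATE ROLE editors NOLOGIN;

-- Make it explicit that access comes only through group membership.
REVOKE ALL ON articles FROM PUBLIC;

-- Group-based permissions on the table.
GRANT SELECT ON articles TO readers;
GRANT SELECT, INSERT, UPDATE, DELETE ON articles TO editors;
GRANT USAGE ON SEQUENCE articles_id_seq TO editors;  -- needed for INSERT

-- A known user: personal login, privileges inherited from the group.
CREATE ROLE alice LOGIN PASSWORD 'CHANGE_ME_alice' IN ROLE editors;

-- All unknown web visitors: one shared, read-only login.
CREATE ROLE guest LOGIN PASSWORD 'CHANGE_ME_guest' IN ROLE readers;

-- Verify the effective privileges, including those inherited via groups.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'articles', 'SELECT') AS can_read,
       has_table_privilege(r.rolname, 'articles', 'UPDATE') AS can_write
FROM pg_roles AS r
WHERE r.rolname IN ('alice', 'guest')
ORDER BY r.rolname;

ROLLBACK;
```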