| From: | Szymon Guz <mabewlun(at)gmail(dot)com> |
|---|---|
| To: | François Beausoleil <francois(at)teksol(dot)info> |
| Cc: | Forums postgresql <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: DB Authentication Design |
| Date: | 2014-01-12 14:58:31 |
| Message-ID: | CAFjNrYv6f8oru0cqd-=rT=nU3nMsv7qjMWZBA21HqGkgG3reHA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 12 January 2014 15:30, François Beausoleil <francois(at)teksol(dot)info> wrote:
> Hi all,
>
> I'm thinking that all apps that connect to the database should have their
> own user. For example, the web application process is one user, then a
> report builder process should have another user, and a different process
> that imports data should have his own too, and so on. Would you generally
> agree with that?
>
> I'm thinking that by having different users, PGbouncer can create
> different pools, and better allow me to control concurrency.
>
> Thanks!
> François
>
>
Hi
I think the main idea should be that each user has different credentials,
so for example a user for building reports shouldn't be allowed to change
the database. Otherwise you'd end with a bunch of users, and from the
security perpective, there wouldn't be much difference between this and
having just one user.
regards,
Szymon
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2014-01-12 15:35:32 | Re: [GENERAL] pg_upgrade & tablespaces |
| Previous Message | François Beausoleil | 2014-01-12 14:30:27 | DB Authentication Design |