| From: | "Sergio Duran" <sergioduran(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | PostgreSQL authentication as my application's authentication. |
| Date: | 2006-06-01 15:02:04 |
| Message-ID: | c44353520606010802n5a83c20doee6214ec18a324c0@mail.gmail.com |
| Lists: | pgsql-general |
Hello,

I'm developing a web application. I normally write the authentication using
a database table for usernames and passwords. I would like to implement this
app using postgresql's authentication: the user types his user/pass and
that's the user/pass used for database connectivity, so each user is
guaranteed to only be able to read or write data on tables they are allowed,
instead of using a single database user with read/write access to everything
and checking before performing an action to see if the user is allowed.

I own the server on which this would run, so I'm ok with creating the users
and setting up the privileges using the psql prompt, but I do not know this
isn't a good idea in servers where I don't have a superuser, because a user
with a "create user" role becomes a superuser and has read/write access to
the entire server's database.

Can anybody tell me more about this? What should I do? Which is the best
approach? Do I need to provide more information?

Thanks in advance.

Sergio Duran.
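
The setup the message describes (one PostgreSQL login role per application user, with table privileges enforced by the server), as an added example that is not part of the original post. It assumes a current PostgreSQL release and a superuser psql session already connected to the application database; `appdb`, `invoices`, `app_reader`, `app_writer`, `alice` and `bob` are constructed names.

```sql
-- Constructed names throughout: appdb, invoices, app_reader, app_writer, alice, bob.
-- Run as a superuser while connected to appdb.

-- Group roles hold the privileges and cannot log in themselves.
CREATE ROLE app_reader NOLOGIN;
CREATE ROLE app_writer NOLOGIN;

-- Close the defaults that every role gets through PUBLIC.
REVOKE CONNECT ON DATABASE appdb FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_reader, app_writer;

CREATE TABLE invoices (
    id     serial PRIMARY KEY,
    owner  text NOT NULL,
    amount numeric(10,2) NOT NULL
);

-- Privileges are granted to the groups, never to individual users.
GRANT SELECT ON invoices TO app_reader;
GRANT SELECT, INSERT, UPDATE ON invoices TO app_writer;
GRANT USAGE ON SEQUENCE invoices_id_seq TO app_writer;

-- One login role per application user, with no administrative attributes.
-- No password is set here: set it with psql's \password <role> so the
-- cleartext value does not end up in a script, shell history or server log.
CREATE ROLE alice LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT;
CREATE ROLE bob   LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT;
GRANT app_reader TO alice;
GRANT app_writer TO bob;

-- Audit the effective (inherited) privileges of each login role.
SELECT r.rolname,
       p.priv,
       has_table_privilege(r.rolname, 'invoices', p.priv) AS allowed
FROM pg_roles AS r
CROSS JOIN (VALUES ('SELECT'), ('INSERT'), ('UPDATE'), ('DELETE')) AS p(priv)
WHERE r.rolname IN ('alice', 'bob')
ORDER BY r.rolname, p.priv;
```

The application then opens its database connection with the credentials the user typed, so a failed login or a denied statement is reported by PostgreSQL itself rather than by an application-side check.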