From: | "Sergio Duran" <sergioduran(at)gmail(dot)com> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | PostgreSQL authentication as my application's authentication. |
Date: | 2006-06-01 15:02:04 |
Message-ID: | c44353520606010802n5a83c20doee6214ec18a324c0@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hello,
I'm developing a web application, I normally write the authentication using
a database table for usernames and passwords, I would like to implement this
app using postgresql's authentication, the user types his user/pass and
that's the user/pass used for database connectivity, so each user are
guaranteed to only be able to read or write data on tables they are allowed
instead using a single database user with read/write access to everything
and checking before performing an action to see if the user is allowed.
I own the server on which this would run, so I'm ok with creating the users
and setting up the privileges using the psql prompt, but I do not know this
isn't a good idea in servers where I don't have a superuser, because a user
with a "create user" role becomes a superuser and has read/write access to
the entire server's database.
Can anybody tell me more about this, what should I do? which is the best
aproach? Do I need to provide more information?
Thanks in advance.
Sergio Duran.
From | Date | Subject | |
---|---|---|---|
Next Message | Merlin Moncure | 2006-06-01 15:10:45 | Re: SCSI disk: still the way to go? |
Previous Message | Roy Souther | 2006-06-01 14:45:19 | Is there a database file system? |