From: | "Brian A(dot) Seklecki" <lavalamp(at)spiritual-machines(dot)org> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | PostgreSQL/PHP Application Server |
Date: | 2008-01-24 17:15:30 |
Message-ID: | 1201194930.3015.43.camel@new-host |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
All:
Are there any frameworks / toolkits available, possibly as established
F/OSS projects, for web applications using PHP+PostgreSQL?
sf.net/google comes up short -- a few XML services and Perl+PgSQL hits.
By 'application server', as a marketing wank-word gleaned from
Oracle/IBM/BEA, essentially constituted by:
*) Templates for common data structures
*) Centralized deployment of applications as 'modules' using
a shared foundation
*) A row-level / user-level ('view based') object security model
*) Corporate Directory / Backend Integration (LDAP, Kerberos, PAM, NSS)
If such a project doesn't exist, I propose instantiating one.
#1 and #2 are easy. #3 and #4 are showstoppers.
== Monolith Security Model ==
WRT security, the "monolithic security model", whereby:
- The application on your web systems connects as a proxy/meta
'application user' role to PostgreSQL
- Who has unlimited authorization privileges
- Data access security is enforced entirely in-code
There is no shortage of discussion on the topic in the list archives,
but no conclusive answer documented anywhere on a commonly accepted
mode.
This is the kind of security model still recommended by 99% of the
PHP/PostgreSQL books on the market, and it keeps the "IT auditor"
industry alive.
== Directory / Corporate Integration ==
WRT to LDAP/Kerberos, but mostly LDAP these days, the current PostgreSQL
authentication framework allows one to proxy _authentication_ requests
to a corporate LDAP system (we'll call this the 'pam_ldap' aspect) --
However, no equivalent of the 'nss_ldap' functionality exists -- e.g.,
automatic population of group/role membership from LDAP groups and/or
CN= attribute/value pair mapping into pg_catalog.pg_roles rows.
That would be a big boost...
From | Date | Subject | |
---|---|---|---|
Next Message | Jamiil Abduqadir | 2008-01-24 17:28:49 | Installing PostGreSQL - 2 |
Previous Message | Tim Rupp | 2008-01-24 16:51:01 | Re: check constraint question |