| From: | "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com> |
|---|---|
| To: | "Keith G(dot) Murphy" <keithmur(at)mindspring(dot)com> |
| Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Best practice? Web application: single PostgreSQL |
| Date: | 2004-01-13 17:52:27 |
| Message-ID: | Pine.LNX.4.33.0401131051350.22609-100000@css120.ihs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tue, 13 Jan 2004, Keith G. Murphy wrote:
> I'm trying to get a feel for what most people are doing or consider best
> practice.
>
> Given a mod_perl application talking to a PostgreSQL database on the
> same host, where different users are logging onto the web server using
> LDAP for authentication, do most people
>
> 1) have the web server connecting to the database using its own user
> account (possibly through ident), and controlling access to different
> database entities strictly through the application itself
>
> 2) have the web server connecting to the database actually using the
> user's account (possibly using LDAP authentication against PostgreSQL),
> and controlling access to different database entities through GRANT, etc.
>
> Obviously, (2) leads to more database connections, and you still have to
> have the application do some work in terms of which forms are available
> to which users, etc. But I'm a little worried about whether it's best
> security practice.
I do 1. different language (PHP) same basic thing though. All security
is handled by ACLS I build myself in Postgresql and interrogate via my own
application.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2004-01-13 17:58:32 | Re: Postgress and MYSQL |
| Previous Message | Thapliyal, Deepak | 2004-01-13 17:47:49 | Nested transaction - I am a bank ?? |