From: | "Roland Giesler" <roland(at)giesler(dot)za(dot)net> |
---|---|
To: | <pgsql-novice(at)postgresql(dot)org> |
Subject: | Re: Best way to manage users |
Date: | 2006-01-05 10:50:09 |
Message-ID: | TAXNET01WZlaJHVxGlV00000172@frontdoor.taxpoint.co.za |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
Kevin Crenshaw wrote:
> I think that the best solution - given the discussion thus
> far - is to have a separate pg user that the web app will
> use to access the database, and create a 'users' table in the
> db to store the web app usernames and passwords etc...
Well, using postgres users to authenticate web users has the advantage that
one can set up access priviledges in the database and in doing so limit the
bypassing of access security from other apps or the likes of PgAdmin.
Defining group roles and simply adding or removing users to a group, makes
the process relatively simple. Without this, one would have to define all
these things (table and column level access) manually and test for it in
your app, which makes things quite a bit more complex. Thinking this all
through, it seems that using PG users is till a good option if you need to
have different user profiles in an app.
Comments?
Roland
From | Date | Subject | |
---|---|---|---|
Next Message | First Last | 2006-01-05 12:14:24 | Re: can't connect to postgresql via phppgadmin and pgaccess |
Previous Message | Bruno Wolff III | 2006-01-05 09:03:38 | Re: GRANT access rights on rows |