| From: | Martin Marques <martin(at)bugs(dot)unl(dot)edu(dot)ar> |
|---|---|
| To: | "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com> |
| Cc: | "Keith G(dot) Murphy" <keithmur(at)mindspring(dot)com>, pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Best practice? Web application: single PostgreSQL |
| Date: | 2004-01-14 16:10:23 |
| Message-ID: | 1074096623.400569efec7c8@bugs.unl.edu.ar |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Mensaje citado por "scott.marlowe" <scott(dot)marlowe(at)ihs(dot)com>:
> > 1) have the web server connecting to the database using its own user
> > account (possibly through ident), and controlling access to different
> > database entities strictly through the application itself
[snip]
> I do 1. different language (PHP) same basic thing though. All security
> is handled by ACLS I build myself in Postgresql and interrogate via my own
> application.
In the case of PHP there are very nice ACL stuff in PEAR, like PEAR::Auth.
I personally do all the auth stuff by myself (table with users, table with
function, table with permissions, etc.), just like Scott. :-)
--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
---------------------------------------------------------
Martín Marqués | Programador, DBA
Centro de Telemática | Administrador
Universidad Nacional
del Litoral
---------------------------------------------------------
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Zengfa Gao | 2004-01-14 16:10:44 | Collate is not supported for 7.4 |
| Previous Message | Keith C. Perry | 2004-01-14 15:56:01 | Re: Best practice? Web application: single PostgreSQL |