| From: | Bruce Richardson <pgsql(at)itsbruce(dot)uklinux(dot)net> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Security and performance |
| Date: | 2001-05-02 23:22:00 |
| Message-ID: | 20010503002200.A12641@knossos.bruce |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, May 02, 2001 at 05:59:37PM -0400, Joel Burton wrote:
>
> Instead of making a kajillion views, could you use a RULE that
> checks their identity against some field, and either does the right thing
> or does nothing, depending on this info?
>
> It would seem *MUCH* easier to maintain.
I considered it, but it could have a negative impact on performance.
Consider: the rule would recheck for each record. The rule has to be
implemented in each table which the user accesses.
A view, in contrast, only checks the user once. It pulls the data a
user needs to see (and only that data) together.
I may do this with a small set of randomly generated postgresql users
rather than having a one-to-one postgres-to-application mapping. When
the application validates a user login I could have the database
create a new user (triggered by the application reading from or writing
to a special view) with a randomly generated name and create views for
that database user which could only see the data of the logged-in
application user. It would take some careful coding but be more
manageable.
--
Bruce
I see a mouse. Where? There, on the stair. And its clumsy wooden
footwear makes it easy to trap and kill.
-- Harry Hill
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Doug McNaught | 2001-05-02 23:36:26 | Re: Tuple Max Size on 7.1 |
| Previous Message | Eliel Mamousette | 2001-05-02 22:57:14 | RE: SQL Server -> Postgres migration: Stored Procedure replacement? |