PostgreSQL Q & A

From: Josh Berkus <josh(at)agliodbs(dot)com>
To: jlewisc399(at)rogers(dot)com, jlewis(at)golden(dot)net
Cc: pgsql-advocacy(at)postgresql(dot)org
Subject: PostgreSQL Q & A
Date: 2003-04-07 21:57:08
Lists: pgsql-advocacy
Mr. Lewis,

> We are considering using PostgreSQL as the backbone for hosting a new
> application suite.

That's great!   We'd be happy to feature you on the Advocacy site when you're 
up and running.

> The appeal is obvious but what about security of data?  

PostgreSQL has a number of built-in security mechanisms, such as an ACL, 
schema, table, and object permissions, and MD5-encrypted passwords.  
Additionally, you could easily encrypt parts of your data through your 
middleware.  If "bulletproof" security is a paramount concern, I recommend 
hiring a consultant with this area of expertise.

> What is the
> mechanism for securing the open source?  

I'm afraid I don't follow this question.   What do you mean by "securing the 
Open Source?"

> How do developers submit source
> and who QA's it ?

Source is submitted through CVS at   Patches and 
features are approved or rejected by the 6-member core developer team, 
usually after a lively discussion on the developer mailing lists.  Many new 
features are only added after surviving several months in production as 
optional patches in the "contrib" directory of the source tree.

Only a few developers have commit access to the repository. They apply any patches 
people send. This core group has been working on PostgreSQL for a long time 
and membership of the core group is awarded only to those who make 
significant contributions.

QA is done through the very active, 9000+ member online PostgreSQL community.  
Thanks to our many enthusiastic participants, we are able to test PostgreSQL 
in the field in almost every conceivable environment.  Problems and bugs are 
reported to our mailing lists and quickly acted upon.  For example, when the 
well-publicized zlib bug in 2002 was found to have affected PostgreSQL as 
well, a patched version was available in less than a week.

> What is the performance and scalability like and has it been benched ?
> benched against other leading products such as MS, Progress, etc.

I personally use Postgres for 6 in-production commercial databases for my 
clients.   Perhaps our strongest "scalability" demonstration is by Afilias, 
who are hosting the .ORG registry on a PostgreSQL database.

Regrettably, every benchmark I have yet seen in any online article is designed 
to favor the database whose team ran the benchmark (ours included).   The 
database world is,  at this time, lacking a relatively impartial, 
comprehensive set of database benchmarks.

That being said, quite a few tests have been done on the speed issue alone.   
Rather than me hand-feeding you articles, I suggest that you "Google" for 
them; I think you'll find that on raw speed PostgreSQL comes out just behind 
MySQL or just ahead depending on who ran the test.

Further, there are plenty of installations with
data size around 10GB and a few ranging to more than 2 TB. Shridhar has
benchmarked it for a dataset of 40GB and found it to be within 90-95% of 
Oracle's performance on a quad Xeon machine.

> Our initial thoughts are for an ASP modeled deployment with up to a
> thousand users per instantiated DB.

Sounds good to me.

> Is the license owned by a trust whatsoever and is there a possibility of it
> being sold or differently licensed?


> Would there be limitations or agreements required to accompany our product
> once developed and licensed for use by customers ?

No.  PostgreSQL is BSD-licensed, and community-owned.  See:
A company can take a Postgres-derived product, commercialize it 
and sell it. However, the real value comes from giving back to the community 
because you earn trust and reputation that is probably worth more than direct 
business gains.

> Are there any software vendors creating apps with this backbone ?  Anyone
> other than ISP / Webhosting types.

I'll have to research this for you.  Unfortunately, while I personally know of 
several, they are not ready to go public with the technical details of their 
products.   Hopefully someone else will come forward on one of our mailing 

I personally develop custom, complex OLAP and scheduling applications based on 
PostgreSQL, and hundreds of members of our community do similar development.

> What disadvantages should I consider ?

Only two that I can think of, personally.  But consider whom you're asking 

First, outside of the Open Source community, PostgreSQL does not have the halo of 
its commercial cousins. So selling it to management might be difficult 

Second, Oracle and DB2 still have an edge on us as far as really big 
installations are concerned, with advanced replication setups, 
high-availability infrastructure, and clustering optimizations we have not yet 
developed.   But for what you want to do, I can't imagine this being a 

Overall, I'd say that if you want to go further with this, you should hire an 
expert PostgreSQL consultant, even during the evaluation process.  For 
example, setting up PostgreSQL's memory use parameters requires some 
expertise in order to get the database to perform optimally on your hardware, 
and any test without such configuration would be misleading at best.
Some consultants are listed here:

Good luck in your evaluation process.

Josh Berkus
with help from Shridhar Daithankar
PostgreSQL Advocacy Volunteers

