| From: | Shridhar Daithankar <shridhar(at)frodo(dot)hserus(dot)net> |
|---|---|
| To: | <btober(at)computer(dot)org> |
| Cc: | <bartko(dot)zoltan(at)pobox(dot)sk>, <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Securing a db app - RFC |
| Date: | 2004-06-02 12:36:14 |
| Message-ID: | 200406021806.14072.shridhar@frodo.hserus.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wednesday 02 June 2004 17:58, btober(at)computer(dot)org wrote:
> > You can probably use set session authorization. Here are some brief
> > steps.
> >
> > 1. Convert all your users as postgresql database users
>
> If he's going to do this, why bother with hard-coding a single user id
> and password in the application -- why not have the user log in as their
> defined Postgresql user, and let the data base handle all the security
> and permission issues?
In that case he can not use connection pooling. Thats all. Otherwise there is
no need for single user id.
Shridhar
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Campano, Troy | 2004-06-02 13:14:08 | statement-level statistics are disabled error (postgresql.conf) |
| Previous Message | btober | 2004-06-02 12:28:27 | Re: Securing a db app - RFC |