Skip site navigation (1) Skip section navigation (2)

Re: MySQL database issues

From: David Fetter <david(at)fetter(dot)org>
To: Chris Browne <cbbrowne(at)acm(dot)org>
Cc: pgsql-advocacy(at)postgresql(dot)org
Subject: Re: MySQL database issues
Date: 2007-05-21 14:57:57
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-advocacy
On Sun, May 20, 2007 at 10:07:14PM -0400, Chris Browne wrote:
> jd(at)commandprompt(dot)com ("Joshua D. Drake") writes:
> > Tino Wildenhain wrote:
> >
> >> This way you can use pg_hba.conf, dedicated system tables or
> >> maybe LDAP one day. (or just another postgres database) Does it
> >> sound too easy? I hope so :-)
> >
> > Actually, that sounds bad. PostgreSQL should be the source of its
> > own auth.
> If there's a clear *OTHER* authority in the matter (e.g. - an LDAP
> instance that manages numerous other things), then that's manifestly
> not the case.

There is a math problem with this, namely that LDAP auth systems
assume a tree, where PostgreSQL's ROLEs are actually a directed
acyclic graph.

> Making a selection of mechanisms configurable seems entirely
> reasonable to me.
> In a web hosting environment, it would seem quite reasonable for
> authentication to be controlled in some central way that's *not*
> necessarily PG-based.

It's far from clear to me that creating a high-value target with
catastrophic cascading failure modes--a single sign-on system is an
example of this--is a design goal we should "help" people implement.

David Fetter <david(at)fetter(dot)org>
phone: +1 415 235 3778        AIM: dfetter666
                              Skype: davidfetter

Remember to vote!
Consider donating to PostgreSQL:

In response to


pgsql-advocacy by date

Next:From: Joshua KramerDate: 2007-05-21 17:26:20
Subject: Re: MySQL database issues
Previous:From: Chris BrowneDate: 2007-05-21 02:07:14
Subject: Re: MySQL database issues

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group