Re: Anyone tried storing software users as database users?

From: Achilleas Mantzios <achill(at)matrix(dot)gatewaynet(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Cc: Paul Rogers <progers(at)sparkbase(dot)com>
Subject: Re: Anyone tried storing software users as database users?
Date: 2009-04-28 13:30:38
Message-ID: 200904281630.38709.achill@matrix.gatewaynet.com
Lists: pgsql-admin

On Tuesday 28 April 2009 15:27:58 Paul Rogers wrote:
> If so then how did you handle permissions, errors, connection pooling?
>

In jboss for instance you could do that using
org.jboss.security.auth.spi.DatabaseServerLoginModule
in conf/login-config.xml

One issue might be the querying of pg_shadow; another issue would be to ensure
that your user's md5-hashed password really matches the one stored in the db (getting rid of the leading "md5" prefix first, of course).

Having said that, I haven't done it with the postgresql sys tables though.

Anyway, why do you want to combine database users and app users?
Normally the app accesses the database as one db user.
Most app descriptors are static xml (at least in J2EE), meaning you can't set up your connection pools
dynamically with whichever user tries to log in.

If you manage to do it, however, there is a great advantage in what you are trying to do.
Both application *and* database logs will log according to the same user!
So if for example one db process eats up 100% of the CPU you will know exactly
who did what.


--
Achilleas Mantzios
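
Added example, not part of the original message: a Python sketch of the comparison mentioned above, checking a login password against a pg_shadow-style md5 entry. It relies on PostgreSQL's md5 format (the literal "md5" followed by the hex MD5 of password concatenated with user name); the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import string

MD5_PREFIX = "md5"
MD5_HEX_LEN = 32


def pg_md5_entry(username, password):
    """Build an md5-style passwd value: 'md5' + md5(password || username)."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return MD5_PREFIX + digest


def verify_against_shadow(username, candidate_password, stored):
    """Return True only if candidate_password matches the stored md5 entry."""
    if not stored:
        # NULL passwd: the role has no password, so password login must fail.
        return False
    if not stored.startswith(MD5_PREFIX):
        # Not an md5 entry (for example a SCRAM-SHA-256 verifier): refuse
        # rather than guess at the format.
        return False
    stored_hex = stored[len(MD5_PREFIX):].lower()  # drop the leading "md5"
    if len(stored_hex) != MD5_HEX_LEN or any(
        c not in string.hexdigits for c in stored_hex
    ):
        return False
    expected_hex = pg_md5_entry(username, candidate_password)[len(MD5_PREFIX):]
    # Constant-time comparison so timing does not reveal matching prefixes.
    return hmac.compare_digest(expected_hex, stored_hex)


if __name__ == "__main__":
    # Constructed sample rows standing in for (usename, passwd) from pg_shadow.
    rows = [
        ("alice", pg_md5_entry("alice", "s3cret")),
        ("bob", None),
    ]
    for usename, passwd in rows:
        ok = verify_against_shadow(usename, "s3cret", passwd)
        print(usename, "accepted" if ok else "rejected")
```

The user name acts as the salt, so the same password yields a different entry for each role, and an entry computed under one role name does not verify under another.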
