| From: | Craig Ringer <ringerc(at)ringerc(dot)id(dot)au> |
|---|---|
| To: | "James B(dot) Byrne" <byrnejb(at)harte-lyne(dot)ca> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: OT DBA type question - GRANT PRIVILEDGE |
| Date: | 2011-12-09 01:23:45 |
| Message-ID: | 4EE16321.1090702@ringerc.id.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 12/09/2011 05:46 AM, James B. Byrne wrote:
> The topic of RDBMS security has arisen in a discussion
> and, lacking evidence of my own, I am curious to discover
> just how frequently DBMS userids tied to specific
> individuals are used in production RDBMS based systems. I
> am also curious to know how often VIEWS are tied to
> individual user IDs known to the DBMS rather than to
> shared user IDs known only to an application through a
> configuration file.
User IDs are often used to help secure multi-tenanted databases. I just
wrote about this in response to another question, see:
Individual user IDs are often useful the same way, via `SET ROLE' from
an unpriveleged account a connection pool uses.
Because of connection establishment overheads and the need to pool
connections I'm generally reluctant to use setups where the app auths
against the database with a given user ID and password directly.
--
Craig Ringer
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rodger Donaldson | 2011-12-09 02:47:21 | Re: Hope for a new PostgreSQL era? |
| Previous Message | Chris Travers | 2011-12-09 00:34:49 | Re: Hope for a new PostgreSQL era? |