| From: | Guyren Howe <guyren(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | LYDB: Feasible to use PG roles instead of application-level security? |
| Date: | 2016-12-30 03:19:09 |
| Message-ID: | 616E37BD-F646-4B32-A975-51B5C72B416F@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Further to my attempts to enlighten application developers about what they might better do in the database:
https://medium.com/@gisborne/love-your-database-lydb-23c69f480a1d#.4jngp2rcb <https://medium.com/@gisborne/love-your-database-lydb-23c69f480a1d#.4jngp2rcb>
it occurs to me to wonder whether it is practical to use PG’s own roles and security model in lieu of using an application-level one.
It seems that the role system in PG is sufficient for most general purposes. One could presumably also have a table with role names and associated metainformation (email address etc) as needed.
If I have a system with many thousands of users, is it practical to manage these users’ authentication and authorization using *just* Postgres?
It occurs to me that some client frameworks might have issues with their connection pools if those connections keep switching users, assuming they even can, but let’s set that aside for now. Or perhaps every connection could immediately do a SET USER before executing its connection?
This seems an attractive proposition from a security standpoint: if I use row-level security pervasively, I can have a security system that’s nestled nice and close to the data and presumably tricky to work around from a hacker given direct access only to the client application.
Is this practical? Has anyone here done it? What might the caveats be?
TIA
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tim Uckun | 2016-12-30 03:43:33 | Re: Performance PLV8 vs PLPGSQL |
| Previous Message | David G. Johnston | 2016-12-30 01:10:42 | Re: Special index for "like"-based query |