I think that I would have to disagree with the statement that 'Postgres will
not do your user authentication for you'. If you have a pg user account for
each of your web app users and they submit a username and password using
your login form in the web app and the web app uses that information to
access the database - isn't that 'authenticating' the user? So, I guess
what I would like to know is - is it better to have the web app users be pg
users too or is it a better idea to separate the two?
The way that I was thinking of doing this is to have one pg user account
that the web app uses to access the database, then set up a 'users' table to
hold all of the web app user account info.
What are your thoughts?
Kevin
-----Original Message-----
From: Sean Davis [mailto:sdavis2@mail.nih.gov]
Sent: Wednesday, January 04, 2006 12:37 PM
To: Kevin Crenshaw; brew@theMode.com; pgsql-novice@postgresql.org
Subject: Re: [NOVICE] Best way to manage users
On 1/4/06 12:20 PM, "Kevin Crenshaw" <kcrenshaw@viscient.com> wrote:
> Thanks for the replies. I appreciate the advice. However, I think that a
> better way to pose my question is to ask - what are the pros and cons of
> using Postgres to handle user authentication for my web app?
Postgres will not do your user authentication for you. It WILL store your
user information. As for storing a table of usernames/passwords (that is
all that authentication requires, at least for basic auth), even a text file
will do. However, if you are talking about money and accounting where data
integrity is important, then an ACID compliant database seems a good way to
go. Postgres is one (of several) such database.
So, for storing user accounts, etc., postgres is fine. But that is quite a
different (but related) question than user authentication for a web app. If
you haven't done authentication via VB.NET before, I suggest you make the
simplest case first and then decide if postgres will suit your needs.
Sean
