Best practice? Web application: single PostgreSQL user vs. multiple users - Mailing list pgsql-general

From Keith G. Murphy
Subject Best practice? Web application: single PostgreSQL user vs. multiple users
Date
Msg-id 40041924.2030200@mindspring.com
List pgsql-general
I'm trying to get a feel for what most people are doing or consider best
practice.

Given a mod_perl application talking to a PostgreSQL database on the
same host, where different users are logging onto the web server using
LDAP for authentication, do most people

1) have the web server connecting to the database using its own user
account (possibly through ident), and controlling access to different
database entities strictly through the application itself

2) have the web server connecting to the database actually using the
user's account (possibly using LDAP authentication against PostgreSQL),
and controlling access to different database entities through GRANT, etc.

Obviously, (2) leads to more database connections, and you still have to
have the application do some work in terms of which forms are available
to which users, etc.  But I'm a little worried about whether it's best
security practice.
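
The two options from the question, sketched as PostgreSQL DDL. This is an added example, not part of the original post; the tables, role names and user names are hypothetical, and the syntax assumes a PostgreSQL release that supports CREATE ROLE.

```sql
-- Constructed schema; all table, role and user names are hypothetical.
CREATE TABLE timesheets (
    id     serial PRIMARY KEY,
    owner  text NOT NULL,
    hours  numeric(5,2) NOT NULL
);
CREATE TABLE payroll (
    id       serial PRIMARY KEY,
    employee text NOT NULL,
    salary   numeric(10,2) NOT NULL
);

-- Option 1: one database account for the web server.
-- The database sees every request as "webapp", so that role must hold the
-- union of all privileges any web user needs. Who may touch payroll is
-- decided only in application code.
CREATE ROLE webapp LOGIN;
GRANT SELECT, INSERT, UPDATE ON timesheets, payroll TO webapp;
GRANT USAGE ON SEQUENCE timesheets_id_seq, payroll_id_seq TO webapp;

-- Option 2: one database account per web user, privileges via group roles.
-- The application still decides which forms to show, but the database
-- refuses a query that the user's roles do not allow.
CREATE ROLE staff NOLOGIN;
CREATE ROLE hr    NOLOGIN;
GRANT SELECT, INSERT ON timesheets TO staff;
GRANT USAGE ON SEQUENCE timesheets_id_seq TO staff;
GRANT SELECT, UPDATE ON payroll TO hr;

CREATE ROLE alice LOGIN IN ROLE staff;      -- ordinary user
CREATE ROLE bob   LOGIN IN ROLE staff, hr;  -- HR user

-- Compare what the database itself will enforce for each account.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'payroll', 'SELECT') AS can_read_payroll,
       has_table_privilege(r.rolname, 'payroll', 'UPDATE') AS can_update_payroll
FROM pg_roles r
WHERE r.rolname IN ('webapp', 'alice', 'bob')
ORDER BY r.rolname;
```

Under option 1 a flaw in the application's own access checks exposes everything granted to the single account, while under option 2 the same flaw is still bounded by the grants of the logged-in user's roles.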


