John Sidney-Woollett wrote:
> Keith G. Murphy said:
>
>>2) have the web server connecting to the database actually using the
>>user's account (possibly using LDAP authentication against PostgreSQL),
>>and controlling access to different database entities through GRANT, etc.
>
>
> My experience with java web/app servers indicates that for most setups
> using a pool of connections is preferable to using a single connection per
> connected user - it scales much better.
>
> What you could consider is one or more pools which map to the "roles" that
> your (web) app supports. For example, if a user needs "minimal rights"
> access to db resources, then your cgi (request handler) accesses the data
> using a connection from the "minimal rights" connection pool. A user
> needing "greater rights" would have the cgi access the database from the
> "greater rights" pool.
>
That sounds like an excellent compromise. How do you typically handle
the mechanics of authentication from web server to PostgreSQL on the
connect, using this scheme?
--
Why waste time learning when ignorance is instantaneous?
-- Hobbes
