Re: Best practice? Web application: single PostgreSQL - Mailing list pgsql-general

From John Sidney-Woollett
Subject Re: Best practice? Web application: single PostgreSQL
Date
Msg-id 4737.192.168.0.64.1074014651.squirrel@mercury.wardbrook.com
In response to Re: Best practice? Web application: single PostgreSQL  ("Keith G. Murphy" <keithmur@mindspring.com>)
List pgsql-general
Keith G. Murphy said:
> Perhaps I can answer my own question.  I could use ident and a map that
> lists the web server username as able to map to the different "role"
> usernames.

Someone else also mentioned, and I personally agree, that it's better to
authenticate in the application layer (using whatever technology takes
your fancy), and then use the webserver's generic/pooled connection to
communicate with the database.

Your user and role mapping info could be stored within the database, or
accessed from an LDAP server, or some such.

> Unfortunately, that still would allow the web server account
> to "fake" role names.

Make the application layer robust and secure and it may not be so much of
a problem.

John
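
A sketch of the layout described in this message, added here as an example and not part of the original post: the application verifies the password, reads the user's roles from the database, and only then touches the single shared connection, so a role is never taken from the request. Assumptions: an in-memory sqlite3 database stands in for the pooled PostgreSQL connection so the code runs offline, and the table names, `ROLE_ACTIONS` policy and sample users are hypothetical.

```python
import hashlib, hmac, os, sqlite3

# Stand-in for the web server's single pooled connection (assumption: sqlite3
# in memory replaces PostgreSQL so the example runs offline).
POOLED = sqlite3.connect(":memory:")
POOLED.executescript("""
CREATE TABLE app_user (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB);
CREATE TABLE user_role (name TEXT, role TEXT);
CREATE TABLE invoice (id INTEGER PRIMARY KEY, amount INTEGER);
INSERT INTO invoice (amount) VALUES (120), (75);
""")

# Hypothetical policy: which application role may perform which action.
ROLE_ACTIONS = {"clerk": {"read_invoices"}, "manager": {"read_invoices", "add_invoice"}}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(name, password, roles):
    salt = os.urandom(16)
    POOLED.execute("INSERT INTO app_user VALUES (?, ?, ?)", (name, salt, _hash(password, salt)))
    POOLED.executemany("INSERT INTO user_role VALUES (?, ?)", [(name, r) for r in roles])

def authenticate(name, password):
    """Return the user's roles from the database, or None if login fails."""
    row = POOLED.execute("SELECT salt, pw_hash FROM app_user WHERE name = ?", (name,)).fetchone()
    # Hash even for unknown users so both paths cost the same.
    salt, stored = row if row else (b"\0" * 16, b"")
    if not hmac.compare_digest(_hash(password, salt), stored) or row is None:
        return None
    rows = POOLED.execute("SELECT role FROM user_role WHERE name = ?", (name,))
    return frozenset(r[0] for r in rows)

def run_action(roles, action, *args):
    """Authorize in the application, then use the shared connection."""
    if roles is None or not any(action in ROLE_ACTIONS.get(r, ()) for r in roles):
        raise PermissionError(action)
    if action == "read_invoices":
        return POOLED.execute("SELECT id, amount FROM invoice ORDER BY id").fetchall()
    if action == "add_invoice":
        return POOLED.execute("INSERT INTO invoice (amount) VALUES (?)", args).lastrowid
    raise ValueError(action)

# Constructed sample users.
add_user("alice", "correct horse", ["manager"])
add_user("bob", "battery staple", ["clerk"])
```

Because `run_action` only accepts the role set returned by `authenticate`, every database call on the shared connection passes through the same authorization check.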
