On Fri, Dec 3, 2010 at 5:13 AM, Marc Mamin
<M.Mamin@intershop.de> wrote:
Hello,
We are thinking about using a (java based) connection pool.
An issue is that there are many different users to connect.
My idea is to only have superuser connections in the pool
and change the connection role (with SET ROLE) each time
a user pick a connection there.
Tangential to your question, but important:
Obviously each "user" could use RESET ROLE and become the super user. This means that every piece of code that uses this pool needs to have security appropriate for code using the super user. i.e. "Whatever, it's just using a read-only role, nothing bad can happen" is no longer a valid argument (if it ever was).
Do you have that much faith / trust in every "user"?
* "user" in quotes because I'm guessing you are referring to different portions of your application / application suite and hopefully not individual persons.
Derrick
