Re: Best practice? Web application: single PostgreSQL - Mailing list pgsql-general

From scott.marlowe
Subject Re: Best practice? Web application: single PostgreSQL
Date
Msg-id Pine.LNX.4.33.0401131342050.22962-100000@css120.ihs.com
In response to Re: Best practice? Web application: single PostgreSQL  ("Keith G. Murphy" <keithmur@mindspring.com>)
List pgsql-general
On Tue, 13 Jan 2004, Keith G. Murphy wrote:

> John Sidney-Woollett wrote:
>
> > Keith G. Murphy said:
> >
> >>2) have the web server connecting to the database actually using the
> >>user's account (possibly using LDAP authentication against PostgreSQL),
> >>and controlling access to different database entities through GRANT, etc.
> >
> >
> > My experience with Java web/app servers indicates that for most setups
> > using a pool of connections is preferable to using a single connection per
> > connected user - it scales much better.
> >
> > What you could consider is one or more pools which map to the "roles" that
> > your (web) app supports. For example, if a user needs "minimal rights"
> > access to db resources, then your cgi (request handler) accesses the data
> > using a connection from the "minimal rights" connection pool. A user
> > needing "greater rights" would have the cgi access the database from the
> > "greater rights" pool.
> >
> That sounds like an excellent compromise.  How do you typically handle
> the mechanics of authentication from web server to PostgreSQL on the
> connect, using this scheme?

Just an addition, we do all our groups in LDAP too.  Generally ACLs point
back to groups, not users.  That way if Billy Bob moves from finance to HR
we just change his group memberships, not all the ACLs in all the
databases.
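
The group-based ACL approach and the per-tier pool logins discussed in this thread, sketched as an added example that is not part of the original message. It uses current PostgreSQL role syntax; every role, table and user name is hypothetical, and memberships are managed directly in the database here rather than taken from LDAP.

```sql
-- Added example; all role, table and user names are hypothetical.

-- Constructed sample tables.
CREATE TABLE invoices  (id serial PRIMARY KEY, amount numeric NOT NULL);
CREATE TABLE employees (id serial PRIMARY KEY, name text NOT NULL);

-- Group roles carry the privileges. NOLOGIN: nobody connects as a group.
CREATE ROLE finance NOLOGIN;
CREATE ROLE hr      NOLOGIN;

-- ACLs point at groups, never at individual users.
GRANT SELECT, INSERT, UPDATE ON invoices  TO finance;
GRANT SELECT, INSERT, UPDATE ON employees TO hr;
GRANT USAGE ON SEQUENCE invoices_id_seq  TO finance;
GRANT USAGE ON SEQUENCE employees_id_seq TO hr;

-- A user role holds memberships only, no direct grants.
-- How it authenticates (LDAP, password, ...) is decided in pg_hba.conf.
CREATE ROLE billy_bob LOGIN;
GRANT finance TO billy_bob;

-- Move from finance to HR: two membership changes, no ACL is touched.
BEGIN;
REVOKE finance FROM billy_bob;
GRANT  hr      TO   billy_bob;
COMMIT;

-- Check the effective rights after the move (inherited via membership).
SELECT has_table_privilege('billy_bob', 'invoices',  'SELECT') AS finance_read,
       has_table_privilege('billy_bob', 'employees', 'SELECT') AS hr_read;
-- finance_read = f, hr_read = t

-- Pooled variant: one login per privilege tier, each tier again a group.
CREATE ROLE tier_minimal NOLOGIN;
CREATE ROLE tier_greater NOLOGIN;
GRANT SELECT ON invoices TO tier_minimal;
GRANT SELECT, INSERT, UPDATE ON invoices TO tier_greater;
GRANT USAGE ON SEQUENCE invoices_id_seq TO tier_greater;

-- The web server's pools connect as these two logins only.
CREATE ROLE pool_minimal LOGIN IN ROLE tier_minimal;
CREATE ROLE pool_greater LOGIN IN ROLE tier_greater;

-- Audit: list any grant made directly to a login role instead of a group.
SELECT grantee, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee IN (SELECT rolname FROM pg_roles WHERE rolcanlogin);
```

The final query should return no rows for these tables; a row there means a privilege was attached to a user or pool login directly and will not follow group membership changes.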

