Thread: Read/Write restriction mechanism

A tangentially PG related question:

In a PHP project I have several functions that I use for DB operations.
I only want to allow one of them to write, all the others are for
reading only. I was thinking that a way I can enforce this would be to
check that the read only ones only have queries where the first
non-whitespace character is 'S'. This is not a security thing, user
defined queries are totally disallowed, this is just a "so developers
don't forget" measure.

Checking the first char like that seems awfully hackinsh to me, although
I can't see any reason it wouldn't work. Does anyone have any better
ideas? (Using DB level perms are out, as this is the function usage I'm
trying to control, not the connections).

On Jan 9, 2008, at 1:39 , Naz Gassiep wrote:

> In a PHP project I have several functions that I use for DB
> operations. I only want to allow one of them to write, all the
> others are for reading only.


> (Using DB level perms are out, as this is the function usage I'm
> trying to control, not the connections).

Um, why are DB-level permissions out? It seems like a natural fit:
your writer connects as one role while the readers connect as
another. Only grant SELECT access to the readers.

Michael Glaesemann
grzm seespotcode net