Thread: Read/Write restriction mechanism
A tangentially PG related question: In a PHP project I have several functions that I use for DB operations. I only want to allow one of them to write, all the others are for reading only. I was thinking that a way I can enforce this would be to check that the read only ones only have queries where the first non-whitespace character is 'S'. This is not a security thing, user defined queries are totally disallowed, this is just a "so developers don't forget" measure. Checking the first char like that seems awfully hackinsh to me, although I can't see any reason it wouldn't work. Does anyone have any better ideas? (Using DB level perms are out, as this is the function usage I'm trying to control, not the connections).
On Jan 9, 2008, at 1:39 , Naz Gassiep wrote: > In a PHP project I have several functions that I use for DB > operations. I only want to allow one of them to write, all the > others are for reading only. > (Using DB level perms are out, as this is the function usage I'm > trying to control, not the connections). Um, why are DB-level permissions out? It seems like a natural fit: your writer connects as one role while the readers connect as another. Only grant SELECT access to the readers. Michael Glaesemann grzm seespotcode net