Thread: PostgreSQL/PHP Application Server

PostgreSQL/PHP Application Server

From
"Brian A. Seklecki (Mobile)"
Date:
All:

Are there any frameworks / toolkits available, possibly as established
F/OSS projects, for web applications using PHP+PostgreSQL?

sf.net/google comes up short -- a few XML services and Perl+PgSQL hits.

By 'application server', as a marketing wank-word gleaned from
Oracle/IBM/BEA, essentially constituted by:

*) Templates for common data structures
*) Centralized deployment of applications as 'modules' using
   a shared foundation
*) A row-level / user-level ('view based') object security model
*) Corporate Directory / Backend Integration (LDAP, Kerberos, PAM, NSS)

If such a project doesn't exist, I propose instantiating one.

#1 and #2 are easy.  #3 and #4 are showstoppers.

== Monolith Security Model ==

WRT security, the "monolithic security model", whereby:
- The application on your web systems connects as a proxy/meta
  'application user' role to PostgreSQL
- Who has unlimited authorization privileges
- Data access security is enforced entirely in-code

There is no shortage of discussion on the topic in the list archives,
but no conclusive answer documented anywhere on a commonly accepted
mode.

This is the kind of security model still recommended by 99% of the
PHP/PostgreSQL books on the market, and it keeps the "IT auditor"
industry alive.

== Directory / Corporate Integration ==

WRT to LDAP/Kerberos, but mostly LDAP these days, the current PostgreSQL
authentication framework allows one to proxy _authentication_ requests
to a corporate LDAP system (we'll call this the 'pam_ldap' aspect) --

However, no equivalent of the 'nss_ldap' functionality exists -- e.g.,
automatic population of group/role membership from LDAP groups and/or
CN= attribute/value pair mapping into pg_catalog.pg_roles rows.

That would be a big boost...


Re: PostgreSQL/PHP Application Server

From
Shane Ambler
Date:
Brian A. Seklecki (Mobile) wrote:

> *) A row-level / user-level ('view based') object security model

I haven't looked into it much but SE-PostgreSQL may be an option for
this step - if not you may find their explanations of how they implement
row level security to be inspiration.

http://code.google.com/p/sepgsql/



--

Shane Ambler
pgSQL (at) Sheeky (dot) Biz

Get Sheeky @ http://Sheeky.Biz

Re: PostgreSQL/PHP Application Server

From
"Brian A. Seklecki"
Date:
On Fri, 2008-01-25 at 06:01 +1030, Shane Ambler wrote:
>
> I haven't looked into it much but SE-PostgreSQL may be an option for

Bill Moran also pointed out Postgresql Veil & PHP Horde:

Veil Project
 http://veil.projects.postgresql.org/

Horde Framework:
 http://www.horde.org/

Of course, there aren't even listed in Google.

> this step - if not you may find their explanations of how they
> implement
> row level security to be inspiration.
>
> http://code.google.com/p/sepgsql/