Am 14.12.2011 14:28, schrieb Craig Ringer:
On 14/12/2011 8:32 PM, Andreas wrote:
Hi,
I asked elsewhere about the best way to store db credentials within a
user-session of a web-app.
Where? Link?
Well, it was on the general list of php.net.
I read your link and understood your not a particular fan of PHP.
I'm not exactly dogmatic about PHP either. It's just the first approach
to the web-app topic for me. One has to start somewhere. :-}
I'll need to let some specific external users access our PG DB that up
until now uses a MS-Access frontend.
PHP seemed to be the easiest approach without having to mess around with
ASP or JAVA and all this.
It appeared that it was for everybody but me evident that instead of
heaving a db-role+passwd for every user of an application it was
better to have just 1 set of db-credentials for the application and
recreate a user management within the app instead using the existing
user handling of the dbms.
I usually prefer a hybrid, where the app logs in with a particular
role with limited rights then does a SET ROLE to the app user it's
currently operating as. Related to:
http://stackoverflow.com/questions/8432636/in-postgresql-are-partitions-or-multiple-databases-more-efficient/8439618#8439618
I wasn't aware of the possibility to switch roles, yet.
I'll explore this in more detail.
Thanks
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
