Hello Chris,

Le 2014-01-12 à 23:24, Chris Travers a écrit :
> 
> On Sun, Jan 12, 2014 at 6:30 AM, François Beausoleil <franc...@teksol.info> 
> wrote:
> Hi all,
> 
> I'm thinking that all apps that connect to the database should have their own 
> user. For example, the web application process is one user, then a report 
> builder process should have another user, and a different process that 
> imports data should have his own too, and so on. Would you generally agree 
> with that?
> 
> I'm thinking that by having different users, PGbouncer can create different 
> pools, and better allow me to control concurrency.
> 
> 
> It really depends on what you are doing, what your security model is, what 
> your concurrency constraints are, etc.  What you are describing is a fairly 
> typical approach and it sacrifices some real security possibilities for 
> connection pooling possibilities.  The fundamental question is whether the 
> security of your application's user should be tied to the database 
> connection. 

This database cluster is not exposed to the outside world. What I really need 
is a way to control the number of simultaneous execution of queries. Your "per 
application" approach is a better name for what I described.

I also have web-facing applications, in which case the per-user approach sounds 
good.

Thanks!
François

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to