Keith G. Murphy said:That sounds like an excellent compromise. How do you typically handle the mechanics of authentication from web server to PostgreSQL on the connect, using this scheme?
2) have the web server connecting to the database actually using the user's account (possibly using LDAP authentication against PostgreSQL), and controlling access to different database entities through GRANT, etc.
My experience with java web/app servers indicates that for most setups using a pool of connections is preferable to using a single connection per connected user - it scales much better.
What you could consider is one or more pools which map to the "roles" that your (web) app supports. For example, if a user needs "minimal rights" access to db resources, then your cgi (request handler) accesses the data using a connection from the "minimal rights" connection pool. A user needing "greater rights" would have the cgi access the database from the "greater rights" pool.
--
Why waste time learning when ignorance is instantaneous?
-- Hobbes
---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
