Antonis Christofides wrote:
But I think that checking user privileges at the database level is
better. I think it's simpler and more secure, and if later you also
want to create nonweb apps, you won't have any more
authentication/privilege headaches.
Couldn't agree more. But consider this r
Both connection pooling and using the superuser with SET SESSION
AUTHORIZATION both have their uses. You might have an application
that processes some type of transaction and inserts data into a users
schema or table, but where there are no user credentials available.
Then you might have a web i
> Right, this is standard operating procedure. But the original poster
> mentioned tying the connection to a particular web user/session. In
> other words, one connection per user.
Maybe I didn't phrase the question correctly, but I think that the
answer to my question is, indeed, connection pool
On Jun 29, 2006, at 5:58 PM, Tim Hart wrote:
I'm coming in a bit late to this conversation, so forgive me if
I've missed
something. Isn't this problem the reason that connection pools were
created?
In a connection pool, connections are only associated with a
particular
user for the durat
I'm coming in a bit late to this conversation, so forgive me if I've missed
something. Isn't this problem the reason that connection pools were created?
In a connection pool, connections are only associated with a particular
user for the duration of a transaction. Once the transaction is complet
On Jun 29, 2006, at 3:37 AM, Antonis Christofides wrote:
The benefit of this solution is that
I avoid reconnecting to the database on each request, having instead a
persistent connection as user "postgres".
But it is also a resource liability. How do you know if the user will
make another r
Antonis Christofides wrote:
> But I think that checking user privileges at the database level is
> better. I think it's simpler and more secure, and if later you also
> want to create nonweb apps, you won't have any more
> authentication/privilege headaches. For this reason, in a web app
> I've
Hi,
Most web database applications I've seen use a system separate from
the rdbms's user database for managing user privileges. For example,
there may be a "users" table, or there may be external authentication
with, say, LDAP. Or, for example, in MoinMoin (an extensible wiki,
where apps can be
ng INFORMIX there is
a rather simple solution for this problem, called Synonyms.
Regards
Karsten
-Ursprüngliche Nachricht-
Von: Tom Lane [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 22. Juni 2004 16:05
An: Kreißl, Karsten
Cc: [EMAIL PROTECTED]
Betreff: Re: [GENERAL] User Privileges
On Wed, Jun 23, 2004 at 09:03:37AM +0200, "Kreißl, Karsten" wrote:
> But, under this conditions we must specify username and password
> (without encryption!) in the view definition. Every user can read
> this information using pgadmin or other tools. It's very simple ! In
> our environment the r
Mihai Gheorghiu writes:
> Therefore, I have to give users permissions to sequences, just to the
> extent that they could add records. What is the minimum set of
> privileges for this?
You need UPDATE privileges to be able to execute nextval() and currval().
I assume this would include setval() a
"Mihai Gheorghiu" <[EMAIL PROTECTED]> writes:
> It is possible that a user is a member of more than one group.
> Do this user's privileges AND or OR the privileges of each of the two
> groups?
OR. A user's privileges are always the union of what he has personally
and what he has via any group.
It is possible that a user is a member of more than one group.
Do this user's privileges AND or OR the privileges of each of the two
groups?
Thank you all.
---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?
http://www.postgresql.
I have a db in which users can view and update data only via views.
It is my understanding that the privileges of the view/rule creator do not
extend to sequences. Therefore, I have to give users permissions to
sequences, just to the extent that they could add records. What is the
minimum set of p
ssage -
> From: "Dan Wilson" <[EMAIL PROTECTED]>
> To: "Niral Trivedi" <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Tuesday, December 26, 2000 7:25 PM
> Subject: Re: [GENERAL] User Privileges
>
> > > For example I have
rights. Group
"developers" has the same privileges.
For more details --
http://www.postgresql.org/users-lounge/docs/7.0/user/sql-grant.htm
-Dan
- Original Message -
From: "W. van den Akker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, Decem
D]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, December 26, 2000 7:25 PM
Subject: Re: [GENERAL] User Privileges
> > For example I have 5 tables in database A. And now I want to give
> > SELECT/UPDATE/INSERT privileges to a user to all 5 tables. But according
> to
> > documentat
17 matches
Mail list logo
