Re: Security and performance
От | Bruce Richardson |
---|---|
Тема | Re: Security and performance |
Дата | |
Msg-id | 20010503002200.A12641@knossos.bruce обсуждение исходный текст |
Ответ на | Re: Security and performance (Joel Burton <jburton@scw.org>) |
Ответы |
Re: Security and performance
|
Список | pgsql-general |
On Wed, May 02, 2001 at 05:59:37PM -0400, Joel Burton wrote: > > Instead of making a kajillion views, could you use a RULE that > checks their identity against some field, and either does the right thing > or does nothing, depending on this info? > > It would seem *MUCH* easier to maintain. I considered it, but it could have a negative impact on performance. Consider: the rule would recheck for each record. The rule has to be implemented in each table which the user accesses. A view, in contrast, only checks the user once. It pulls the data a user needs to see (and only that data) together. I may do this with a small set of randomly generated postgresql users rather than having a one-to-one postgres-to-application mapping. When the application validates a user login I could have the database create a new user (triggered by the application reading from or writing to a special view) with a randomly generated name and create views for that database user which could only see the data of the logged-in application user. It would take some careful coding but be more manageable. -- Bruce I see a mouse. Where? There, on the stair. And its clumsy wooden footwear makes it easy to trap and kill. -- Harry Hill
В списке pgsql-general по дате отправления: