On Tuesday 13 January 2004 22:13, Keith G. Murphy wrote:
> John Sidney-Woollett wrote:
> > What you could consider is one or more pools which map to the "roles"
> > that your (web) app supports. For example, if a user needs "minimal
> > rights" access to db resources, then your cgi (request handler) accesses
> > the data using a connection from the "minimal rights" connection pool. A
> > user needing "greater rights" would have the cgi access the database from
> > the "greater rights" pool.
>
> That sounds like an excellent compromise. How do you typically handle
> the mechanics of authentication from web server to PostgreSQL on the
> connect, using this scheme?
Umm.. I doubt role specific pooling is required. You can use set session
authorization to switch authorization of any connection.
Of course you need to connet to database as super user though. That is real
downside. If your webapp. breaks, the database can not provide any security.
Shridhar