On Sun, Jun 30, 2013 at 05:45:47PM -0700, David Johnston wrote:
> So PostgreSQL is only useful, for shared hosting, when the only permissible
> access is via vendor-supplied resources (APIs, administrators, etc...)?
No, of course not, especially in light of recent improvements. But
any finely-grained permissions system is a pain to use. (E.g.:
WindowsNT from the very beginning had the excellent granularity that
users of VMS were used to, but it was hard to manage, just like it was
in VMS. In Windows-land, this meant endless compromises because of
people doing things as Administrator; that wasn't a condemnation of
the ACL system, which really was very good. But as a practical
security system, it turned out to be weak because of usability.)
If you want "easy", then just give different databases per user. If
you want complicated, you need an administrator; yes, that needs to be
in some sense under the control of the host. We have roughly 40 years
of experience with these things, and the evidence is that
"comprehensive but easy" is either badly insecure or very hard to
operate well. Which trade do you want to make?
Best,
A
--
Andrew Sullivan
ajs@crankycanuck.ca