Re: OT DBA type question - GRANT PRIVILEDGE
| От | Craig Ringer |
|---|---|
| Тема | Re: OT DBA type question - GRANT PRIVILEDGE |
| Дата | |
| Msg-id | 4EE16321.1090702@ringerc.id.au обсуждение исходный текст |
| Ответ на | OT DBA type question - GRANT PRIVILEDGE ("James B. Byrne" <byrnejb@harte-lyne.ca>) |
| Список | pgsql-general |
On 12/09/2011 05:46 AM, James B. Byrne wrote:
User IDs are often used to help secure multi-tenanted databases. I just wrote about this in response to another question, see:
http://stackoverflow.com/questions/8432636/in-postgresql-are-partitions-or-multiple-databases-more-efficient/8439618#8439618
Individual user IDs are often useful the same way, via `SET ROLE' from an unpriveleged account a connection pool uses.
Because of connection establishment overheads and the need to pool connections I'm generally reluctant to use setups where the app auths against the database with a given user ID and password directly.
--
Craig Ringer
The topic of RDBMS security has arisen in a discussion and, lacking evidence of my own, I am curious to discover just how frequently DBMS userids tied to specific individuals are used in production RDBMS based systems. I am also curious to know how often VIEWS are tied to individual user IDs known to the DBMS rather than to shared user IDs known only to an application through a configuration file.
User IDs are often used to help secure multi-tenanted databases. I just wrote about this in response to another question, see:
http://stackoverflow.com/questions/8432636/in-postgresql-are-partitions-or-multiple-databases-more-efficient/8439618#8439618
Individual user IDs are often useful the same way, via `SET ROLE' from an unpriveleged account a connection pool uses.
Because of connection establishment overheads and the need to pool connections I'm generally reluctant to use setups where the app auths against the database with a given user ID and password directly.
--
Craig Ringer
В списке pgsql-general по дате отправления: