Re: Best way to manage users

Roland,

I wanted to reply to your post separately.  I toyed with using pg_user to
store user information, but it did not work.  I tried to use pg_user to
store user acct info and then use a 'user_detail' table to store additional
details but I got an error stating that pg_user is not a table (this
occurred when I tried to use the 'usesysid' column as a foreign key in my
user_detail table).

I think that the best solution - given the discussion thus far -  is to have
a separate pg user that the web app will use to access the database, and
create a 'users' table in the db to store the web app usernames and
passwords etc...

Hth,

kevin





-----Original Message-----
From: Roland Giesler [mailto:roland@giesler.za.net]
Sent: Wednesday, January 04, 2006 12:44 PM
To: 'Kevin Crenshaw'; brew@theMode.com; pgsql-novice@postgresql.org
Subject: RE: [NOVICE] Best way to manage users

Kevin Crenshaw wrote:
> Thanks for the replies.  I appreciate the advice.  However, I
> think that a better way to pose my question is to ask - what
> are the pros and cons of using Postgres to handle user
> authentication for my web app?

Maybe to add to that question: Is there a way to directly authenticate a
user as a database user when using a web app?  In .net, this is handeled by
a cobination of the OS (active directory - AD), the DB (SQL Server) which
can authenticate against AD, and the browser.  However, how can pg get or
request the authentication from your webbrowser?  Unless there is a pgsql
function that allows login as a different user from a webapp from the
webapp, I would think it's not possible to actually do this the way a
statefull app does it (under windows for example)

Some comments on this would be great, as I have a very similar requirement
and was also toying with the idea of using the pg users, instead of creating
my own tables and user authentication infrastructure.

Thanks

Roland Giesler