permission in the db or in the application?
| От | Sandro Dentella |
|---|---|
| Тема | permission in the db or in the application? |
| Дата | |
| Msg-id | 20061218121006.GA8854@casa.e-den.it обсуждение исходный текст |
| Ответы |
Re: permission in the db or in the application?
Re: permission in the db or in the application? Re: permission in the db or in the application? |
| Список | pgsql-general |
Hi all,
I'm starting a project in which I will use PostgreSQL in which I need to
check permissions at different levels (eg.: status of a record, hierarchy
and so on). The application needs to run with a web interface (sigh!).
At first I thought i'd like to put as much permission logic as possible in
the database, and I was willing to evaluate veil for that.
The reasons where mainly two:
1. to be sure that those permission where observed independently from the
way I was accessing the data. No way to create security 'holes'
2. simplicity in the code
Some days ago I read an e-mail of somebody that strongly opposed to using
a db other than for ACID features.
I'd like to hear from this list some thoughts on this subjects.
thanks
sandro
*:-)
--
Sandro Dentella *:-)
http://www.tksql.org TkSQL Home page - My GPL work
В списке pgsql-general по дате отправления: