Re: Poll on your LAPP Preferences
| От | brew@theMode.com |
|---|---|
| Тема | Re: Poll on your LAPP Preferences |
| Дата | |
| Msg-id | Pine.BSF.4.58.0508091517200.64194@themode.com обсуждение исходный текст |
| Ответ на | Re: Poll on your LAPP Preferences (Chris Travers <chris@travelamericas.com>) |
| Список | pgsql-general |
Chris.....
> >If it's a Linux-Apache-PHP-PostgreSQL web app you only need one user, the
> >one your PHP script logs in as.
> Who says? I sometimes require that the PHP app logs into the database
> with the username/password suppled by the user. This makes it easier to
> manage permissions. Of course you cannot use connection pooling in this
> case without a partial rewrite of your app...
I said that.
Let me rephrase it. As a minimum, the way website PHP scripts typically
connect to PostgreSQL, you only need one user.
Conversely, you could trust anybody on the machine. If you are on a
dedicated machine and nobody else has access it's as secure as the
machine. However, some potential users of the app won't have secure
dedicated machines, so I think that would be a bad idea.
OTOH, you could have many postgresql user/password logins, like some of
your (Chris') websites.
How common is it to have the website user names carry through to the
postgresql user login? I don't see the advantage to it, I just have a web
username table in the database, but my websites are fairly simple, you
either have access to a private area or you don't.
brew
==========================================================================
Strange Brew (brew@theMode.com)
Check out my Stock Option Covered Call website http://www.callpix.com
and my Musician's Online Database Exchange http://www.TheMode.com
==========================================================================
В списке pgsql-general по дате отправления: