On Thu, Sep 26, 2002 at 08:01:29PM -0400, Dan Kalowsky wrote:
> On Thursday, September 26, 2002, at 06:36 PM, Jon Parise wrote:
> >Isn't it generally better (where "better" means more secure,
> >efficient, and easily maintained) to handle database access control
> >using PostgreSQL's native access mappings?
> 
> Yep.  Thus why it was created :)

please explain to me how you think this might work?

the postgres security model is "table" based, not "database" based.
(a database being a collection of tables)

it is not possible to do the same thing as this patch within pgsql.

given a webserver setup, running as user "web" and group "web", all pgsql
calls are going to come from that user.

theoretically, you could use the username/password facilities of pgsql,
but in order for that to work, you must delegate the ability to
add/remove/modify pgsql users, and then you need to control who can manage
which user.

this patch adds a minor, but very useful, facility to say "this" virtual
host can only access "that" database.

with that facility, it becomes easier to add appropriate security within
that virtual host's data, and not have to worry about other users writing
code that dips into their data.

-- 
[ Jim Mercer        [EMAIL PROTECTED]         +1 416 410-5633 ]
[          I want to live forever, or die trying.            ]

-- 
PHP Development Mailing List <http://www.php.net/>