Mike, thanks for quick reply! "Mysql/connector python" - it is "mysql+mysqldb://..." connectors, right? Will look into driver details Several other points: - I don't see why create_engine() would have to be called on every request: connection pool of 1 connection maintained per user session, anything wrong with that? Would SQLAlchemy support that? - You are right, having single connection pool per data source shared between all webapp users is more efficient - It would better be kerberos username + keytab - really dislike clear-text passwords in config files (not a matter of dislike, actually - corporate policy)
On Saturday, February 27, 2021 at 6:48:18 PM UTC-5 Mike Bayer wrote: > > > It's not really a normal pattern in a web application that database > connections are user-specific. This is usually too inefficient as it means > you're connecting and disconnecting for every click. Typically a web > application uses a single password for the whole database, and then any > kind of user-level security is done at a row level based on auth-related > columns in the tables. > > Otherwise, to connect to the database with kerberos you would have to > resolve this with the database driver in question first. From the > SQLAlchemy side this just has to do with what parameters you pass to > create_engine() that get sent through to the driver. mysql/connector > python, while the driver I prefer the least, might be the only one that > supports kerberos auth. But as for how to integrate this in a web > application it would be a little bit awkard since you'd have to > create_engine() for every web click and it will not be very efficient. > > > > > On Sat, Feb 27, 2021, at 3:22 PM, Dmitri Etkine wrote: > > E.g. for MySQL? Using SQLAlchemy in a web app that will eventually run in > K8s. Users would connect with their kerberos and service-specific ticket > that I'd like SQLAlchemy to forward when establishing DB connection. Is it > supported? > > > -- > SQLAlchemy - > The Python SQL Toolkit and Object Relational Mapper > > http://www.sqlalchemy.org/ > > To post example code, please provide an MCVE: Minimal, Complete, and > Verifiable Example. See http://stackoverflow.com/help/mcve for a full > description. > --- > You received this message because you are subscribed to the Google Groups > "sqlalchemy" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to sqlalchemy+...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/sqlalchemy/459d9590-a23b-4d41-b000-ffc3d23ad1a8n%40googlegroups.com > > <https://groups.google.com/d/msgid/sqlalchemy/459d9590-a23b-4d41-b000-ffc3d23ad1a8n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > > -- SQLAlchemy - The Python SQL Toolkit and Object Relational Mapper http://www.sqlalchemy.org/ To post example code, please provide an MCVE: Minimal, Complete, and Verifiable Example. See http://stackoverflow.com/help/mcve for a full description. --- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To unsubscribe from this group and stop receiving emails from it, send an email to sqlalchemy+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/sqlalchemy/764fd50a-b440-4b87-a774-497303de8ec9n%40googlegroups.com.