On 9/28/07, Kenneth Downs <[EMAIL PROTECTED]> wrote: > I will claim that putting security > directly into the database is better than any other way because it does what > is needed in the end with the least possible work.
I must be missing something. Take a simple social networking scenario: A user can only see another user's complete profile if and only if they are mutual friends. Implementing that in the tables would be a huge pain in the ass and incur a big performance penalty. Is there some super easy way to implement this that I am missing? My problem with implementing security in the database, is that it forces a relationship between data elements and users, where as if you implement the security layer between the application and the data then you can write policies that are a function of the data itself. -Cheers John Campbell _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
