Application & Authentication
Sean Mullen <smullen@optusnet.com.au>
From: "Sean Mullen" <smullen@optusnet.com.au>
To: "'pg_general'" <pgsql-general@postgresql.org>
Date: 2003-07-18T06:58:50Z
Lists: pgsql-general
Hi, I'm a bit concerned about a 'conceptual' issue. I'm working on a web based app and am using postgresql users/groups for authentication, and using functions /rules/views to ensure users only access/modify their own data. i.e. many references to 'current_user' However, in my travels around sf.net, freshmeat etc I haven't come across any projects built like mine which is concerning to me. Other projects I've seen use their app for authentication/security and bypass/ignore the extremely 'useful' security system built into postgresql and build their own security/authentication system. I'm wondering if the reason for this is: A) Necessity. i.e. Their project frontends run on a mysql backend - and has to do 'everything' OR B) There is some horrible limitation that is going to ruin my day down the track Thanks for any comments, Sean