
Re: DB Authentication Design


Hello Chris,

On 2014-01-12 at 23:24, Chris Travers wrote:

On Sun, Jan 12, 2014 at 6:30 AM, François Beausoleil <francois@xxxxxxxxxxx> wrote:
Hi all,

I'm thinking that all apps that connect to the database should have their own user. For example, the web application process is one user, then a report builder process should have another user, and a different process that imports data should have its own too, and so on. Would you generally agree with that?

I'm thinking that by having different users, PgBouncer can create different pools, and better allow me to control concurrency.


It really depends on what you are doing, what your security model is, what your concurrency constraints are, etc.  What you are describing is a fairly typical approach and it sacrifices some real security possibilities for connection pooling possibilities.  The fundamental question is whether the security of your application's user should be tied to the database connection. 

This database cluster is not exposed to the outside world. What I really need is a way to control the number of simultaneous execution of queries. Your "per application" approach is a better name for what I described.

I also have web-facing applications, in which case the per-user approach sounds good.

Thanks!
François
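
The per-application approach discussed in this thread, as an added example that is not part of the original messages: one login role per process, each with its own connection ceiling and only the privileges that process needs. All role and table names are hypothetical. PgBouncer keeps a separate pool for each database/user pair, and each role's `CONNECTION LIMIT` also caps how many server connections that pool can open.

```sql
-- Added example: role and table names are hypothetical.
-- Run as a superuser in a scratch database.

CREATE TABLE customers      (id serial PRIMARY KEY, name text NOT NULL);
CREATE TABLE orders         (id serial PRIMARY KEY,
                             customer_id int REFERENCES customers,
                             total numeric NOT NULL);
CREATE TABLE staging_orders (raw text NOT NULL);

-- One login role per application. CONNECTION LIMIT is enforced by the
-- server, so a runaway report job cannot starve the web application.
-- Passwords are left out here; set them per role or use a non-password
-- method in pg_hba.conf.
CREATE ROLE app_web     LOGIN CONNECTION LIMIT 40;
CREATE ROLE app_reports LOGIN CONNECTION LIMIT 4;
CREATE ROLE app_import  LOGIN CONNECTION LIMIT 2;

-- Least privilege: remove the default PUBLIC access to the schema,
-- then grant each role only what its process needs.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO app_web, app_reports, app_import;

GRANT SELECT, INSERT, UPDATE, DELETE ON customers, orders TO app_web;
GRANT USAGE ON SEQUENCE customers_id_seq, orders_id_seq   TO app_web;
GRANT SELECT ON customers, orders  TO app_reports;  -- read-only
GRANT INSERT ON staging_orders     TO app_import;   -- write-only staging

-- Per-role guard rails: interactive traffic fails fast, reports may run
-- longer but not indefinitely.
ALTER ROLE app_web     SET statement_timeout = '5s';
ALTER ROLE app_reports SET statement_timeout = '5min';

-- Review what each application is doing right now. Because every process
-- has its own role, the breakdown per application comes for free.
SELECT usename,
       count(*)                                          AS connections,
       sum(CASE WHEN state = 'active' THEN 1 ELSE 0 END) AS running
FROM pg_stat_activity
WHERE usename IN ('app_web', 'app_reports', 'app_import')
GROUP BY usename
ORDER BY usename;
```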


