Search Postgresql Archives

Logging in Code vs SQL-WHERE was: Row based permissions: at DB or at Application level?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have been thinking about this again.

Doing perm checking in code (I use Python) has the advantage that you can do logging:


def has_perm(item, user):
    if user.is_superuser:
        logger.debug('Access to %s for %s allowed, since user is superuser' % (item, user))
        return True
    if ...:
        logger.debug('Access to %s for %s allowed, since ...' % (item, user))
    logger.debug('Access to %s for %s not allowed.' % (item, user))
    return False


We use this sometimes for debugging. This way I can see why a user is allowed to access an object or not.

This is an argument for permission checking in code.

On the other side I still think perm checking in SQL WHERE has more benefits.

Regards,
  Thomas Güttler





--
Thomas Guettler http://www.thomas-guettler.de/


--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux