On Sat, 2006-25-03 at 10:11 -0800, Chris Travers wrote: > Leif Jensen wrote: > > > Hello, > > > > I have with great interrest been following this thread. We have a > >(small) flame war in house about this and I'm very happy about all the > >arguments I have seen. I'm a long time user of PostgreSQL (which possibly > >makes me a bit biased ;-) ) and I think it's great. I'm not a big database > >expert, but I try to make things as good and standard as I can. > > > > In this respect I have 3 questions: > > > >1) I wonder that no one has mentioned anything about security issues in > >those two. I know that I'm a novice and that I didn't use MySql very much, > >but it seems to me that the PostgreSQL security is much better than MySql > >!? > > > > > > > Most people on the list only grudgingly use MySQL and so most are not so > well aware of the limitations of MySQL's security model. > > MySQL has no concept of group memberships or group permissions (or the > more complex role permissions). The permissions are simply at the level > of the individual user. When I have coded complex apps on MySQL, I have > sometimes found it necessary to emulate this level of permission so that > the permissions can be "compiled" down to individual permissions on the > tables. It is a real pain sometimes. One thing that MySQL does have over PostgreSQL is column level permissions. I rarely need them and similar effects can be achieved joining data from tables with different permissions.
