Hi all,
I'm starting a project in which I will use PostgreSQL in which I need to
check permissions at different levels (eg.: status of a record, hierarchy
and so on). The application needs to run with a web interface (sigh!).
At first I thought i'd like to put as much permission logic as possible in
the database, and I was willing to evaluate veil for that.
The reasons where mainly two:
1. to be sure that those permission where observed independently from the
way I was accessing the data. No way to create security 'holes'
2. simplicity in the code
Some days ago I read an e-mail of somebody that strongly opposed to using
a db other than for ACID features.
I'd like to hear from this list some thoughts on this subjects.
thanks
sandro
*:-)
--
Sandro Dentella *:-)
http://www.tksql.org TkSQL Home page - My GPL work
