Am 14.12.2011 14:28, schrieb Craig Ringer:
> On 14/12/2011 8:32 PM, Andreas wrote:
>> Hi,
>>
>> I asked elsewhere about the best way to store db credentials within a
>> user-session of a web-app.
>>
> Where? Link?
Well, it was on the general list of php.net.
I read your link and understood your not a particular fan of PHP.
I'm not exactly dogmatic about PHP either. It's just the first approach
to the web-app topic for me. One has to start somewhere. :-}
I'll need to let some specific external users access our PG DB that up
until now uses a MS-Access frontend.
PHP seemed to be the easiest approach without having to mess around with
ASP or JAVA and all this.
>> It appeared that it was for everybody but me evident that instead of
>> heaving a db-role+passwd for every user of an application it was
>> better to have just 1 set of db-credentials for the application and
>> recreate a user management within the app instead using the existing
>> user handling of the dbms.
> I usually prefer a hybrid, where the app logs in with a particular
> role with limited rights then does a SET ROLE to the app user it's
> currently operating as. Related to:
>
>
http://stackoverflow.com/questions/8432636/in-postgresql-are-partitions-or-multiple-databases-more-efficient/8439618#8439618
>
I wasn't aware of the possibility to switch roles, yet.
I'll explore this in more detail.
Thanks