Chris.....
> >If it's a Linux-Apache-PHP-PostgreSQL web app you only need one user, the
> >one your PHP script logs in as.
> Who says? I sometimes require that the PHP app logs into the database
> with the username/password suppled by the user. This makes it easier to
> manage permissions. Of course you cannot use connection pooling in this
> case without a partial rewrite of your app...
I said that.
Let me rephrase it. As a minimum, the way website PHP scripts typically
connect to PostgreSQL, you only need one user.
Conversely, you could trust anybody on the machine. If you are on a
dedicated machine and nobody else has access it's as secure as the
machine. However, some potential users of the app won't have secure
dedicated machines, so I think that would be a bad idea.
OTOH, you could have many postgresql user/password logins, like some of
your (Chris') websites.
How common is it to have the website user names carry through to the
postgresql user login? I don't see the advantage to it, I just have a web
username table in the database, but my websites are fairly simple, you
either have access to a private area or you don't.
brew
==========================================================================
Strange Brew (brew@theMode.com)
Check out my Stock Option Covered Call website http://www.callpix.com
and my Musician's Online Database Exchange http://www.TheMode.com
==========================================================================