Обсуждение: Read/Write restriction mechanism

Поиск
Список
Период
Сортировка

Read/Write restriction mechanism

От
Naz Gassiep
Дата:
A tangentially PG related question:

In a PHP project I have several functions that I use for DB operations.
I only want to allow one of them to write, all the others are for
reading only. I was thinking that a way I can enforce this would be to
check that the read only ones only have queries where the first
non-whitespace character is 'S'. This is not a security thing, user
defined queries are totally disallowed, this is just a "so developers
don't forget" measure.

Checking the first char like that seems awfully hackinsh to me, although
I can't see any reason it wouldn't work. Does anyone have any better
ideas? (Using DB level perms are out, as this is the function usage I'm
trying to control, not the connections).

Re: Read/Write restriction mechanism

От
Michael Glaesemann
Дата:
On Jan 9, 2008, at 1:39 , Naz Gassiep wrote:

> In a PHP project I have several functions that I use for DB
> operations. I only want to allow one of them to write, all the
> others are for reading only.


> (Using DB level perms are out, as this is the function usage I'm
> trying to control, not the connections).

Um, why are DB-level permissions out? It seems like a natural fit:
your writer connects as one role while the readers connect as
another. Only grant SELECT access to the readers.

Michael Glaesemann
grzm seespotcode net