Is it reasonable to register site users as PostgreSQL users?

T

Taras Labiak2015-12-16 19:13:27

CMS

Taras Labiak, 2015-12-16 19:13:27

Actually, there is an idea to implement all the site logic in PostgreSQL. The question is, in fact, what problems can arise if I register site users as PostgreSQL users. That is, roughly speaking, instead of creating your own user table, use pg_authid . Is it possible and would it be reasonable?
Among the obvious problems that I will face is the need to maintain a separate connection to PostgreSQL for each user.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

S

Saboteur, 2015-12-16
@saboteur_kiev

A completely unnatural idea.
Users do not know how to use the application correctly. They don't know how to come up with complex passwords. They don't know how to keep track of passwords. If you distribute sql access to the database, it will definitely be broken. Break other users and so on. And by means of sql bases security can be supported very limitedly.

K

Kirill, 2015-12-16
@kshvakov

Among the obvious problems that I will face is the need to maintain a separate connection to PostgreSQL for each user.

Even this "obviously" should be enough to "bury the idea", 1 connection - 1 process, and even if it is not so, the very idea of \u200b\u200bletting some users from outside into the DBMS does not seem strange to you, to put it mildly?

S

Sergey, 2015-12-16
Protko @Fesor

there is such directive in postgres as max_connections, and it is not easy.
In general, never do this. There must be a layer between the base and the outside world. Organize your user system differently.

A

Andrew, 2016-02-01
@iCoderXXI

No no and one more time no!
To maintain user access rights, authorization libraries have long been invented, in particular, they decide whether the script will generally have the right to access the database in each specific case.
So and only so.