Chris.....

> >If it's a Linux-Apache-PHP-PostgreSQL web app you only need one user, the
> >one your PHP script logs in as.

> Who says? I sometimes require that the PHP app logs into the database
> with the username/password suppled by the user. This makes it easier to
> manage permissions. Of course you cannot use connection pooling in this
> case without a partial rewrite of your app...

I said that.

Let me rephrase it. As a minimum, the way website PHP scripts typically
connect to PostgreSQL, you only need one user.

Conversely, you could trust anybody on the machine. If you are on a
dedicated machine and nobody else has access it's as secure as the
machine. However, some potential users of the app won't have secure
dedicated machines, so I think that would be a bad idea.

OTOH, you could have many postgresql user/password logins, like some of
your (Chris') websites.

How common is it to have the website user names carry through to the
postgresql user login? I don't see the advantage to it, I just have a web
username table in the database, but my websites are fairly simple, you
either have access to a private area or you don't.

brew

================================================== ========================
Strange Brew (brew@theMode.com)
Check out my Stock Option Covered Call website http://www.callpix.com
and my Musician's Online Database Exchange http://www.TheMode.com
================================================== ========================


---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match