Hi Josh,
On Thu, 04.10.2007 at 11:03:24 -0700, Josh Berkus <[EMAIL PROTECTED]> wrote: > Toni, > > You have a username/password combination set for the application that > > the application uses to request eg. authentication data from the > > database. Alternatively, you leap and implement OpenID, which "solves" > > all other problems for you. > > This sort of a scheme works with application users stored in a table. > However, LedgerSMB desires to use *database users* (i.e. ROLES) so that the > same set of access restrictions can be maintained across 3rd-party > applications which connect to the database. ok... maybe, but in this case, there's a design conflict between having a uniform access method implemented within the database, and possible deployment scenarios of an application utilizing this storage. Personally, I find using SQL-Ledger behind an SSL reverse (rewriting) proxy gateway attractive. This is a common usage pattern, as far as I can see. Has PostgreSQL some sort of a 'sudo' feature? That could solve the problem along the lines of "does this username/password pair authenticate? if yes, execute the following query under the rights of the associated role". Best, --Toni++ ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Ledger-smb-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
