Multiple DB Users

[Alvaro Pagliari]

Hello,

I was wondering if it's possible to use two distinct users on Zotonic. One with select/insert/delete/update permission and other one with permission to create/alter/drop tables.

The more privileged user should execute mainly within the manage_schema function.

Thanks,

--

Álvaro Pagliari

[Marc Worrell]

Hi Alvaro,

That is an interesting option, and as the code to perform the schema functions is quite separate it could be done.

Right now we don’t do it though.

Is there a use case or threat model you are thinking of?

Cheers,

Marc

--

---
You received this message because you are subscribed to the Google Groups "Zotonic users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zotonic-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zotonic-users/e9434246-2449-4e4b-bf45-dafc9fb9e17en%40googlegroups.com.

[Alvaro Pagliari]

Hello,

The use case is to run Zotonic on a less privileged user for safety purposes... but I still don't know if it's better to configure a second connection on the site config file or handle this credential in a different way. Any pointers on the best way to achieve this?

On a different note, would this also permit handling multiple Postgres server connections? Maybe create named connections with the current one as the default? Then manage_schema could use a different named connection if available. This would also add support for Postgres read replicas.

If you give me some pointers I can come up with the code for this change.

Cheers,

--

Álvaro Gianni Pagliari
alvaropag [at] gmail [dot] com

To view this discussion on the web visit https://groups.google.com/d/msgid/zotonic-users/DF7F0891-0814-4AA0-ADEC-611427342704%40me.com.