Web应用程序:管理用户数据库访问
我想知道控制不同用户的数据库访问的最佳方法是什么。由于我正在实现让用户在访问某些页面之前登录应用程序的常见场景,因此我认为通过在数据库中创建视图和新用户来将数据库访问限制为仅每个用户需要查看的数据也很好。 -level 仅授予某些权限。这些数据库用户将具有与这些用户访问应用程序相同的用户名,因此,当用户登录时,我可以使用他们在申请表上提供的用户名访问数据库...这是正确的方法吗继续?
谢谢!
I'd like to know what the best way to keep the different users' database accesses under control is. Since I'm implementing the common scenario of making users login to the app before accessing certain pages, I thought that it would be also nice to restrict the database access to only the data each user needs to see by creating views and new users at database-level granted just certain permissions. Those database users will have the same usernames that those users have for accessing the app, and so, when users are loging in, I could access the database with the username they are providing on the application form... Is this the correct way to proceed?
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
说到 Web 应用程序,常见的做法是拥有一个与唯一用户的连接池。
每个请求都使用该池中已打开的连接。这样你就会获得更好的表现。 (连接已经打开,准备好的语句的缓存,...)
至于用户应该访问或不访问哪些数据,这应该在应用程序的服务层中编码,而不是在数据库中(在Web应用程序中)我想说的是文化)。
此外,您描述的系统很难在应用程序用户和数据库用户之间保持正确的同步。
Speaking of a web application, the common practice is rather to have a pool of connections with a unique user.
Each request uses an already open connection from this pool. This way you'll get much better performances. (connections already open, cache of the prepared statements, ...)
As for which data the users should have access to or not, this should be coded in the service layer of the application, not in the database (in the web-application culture, I would say).
Moreover, the system you describe will be a pain to maintain proper synchro between application users and database users.