[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Authentication in 1.3 (was Re: State of Perl-based database setup utilities for LedgerSMB 1.3)
- Subject: Authentication in 1.3 (was Re: State of Perl-based database setup utilities for LedgerSMB 1.3)
- From: "David F. Skoll" <..hidden..>
- Date: Sat, 28 May 2011 16:15:43 -0400
On Sat, 28 May 2011 10:07:56 -0700
Chris Travers <..hidden..> wrote:
> In other words, LedgerSMB doesn't authenticate users in 1.3, nor is it
> the final check against exceeding permissions. These are both handled
> by PostgreSQL.
Really?
I was unaware of that. I do not like that approach. We run our LSMB
1.2 installation on a machine that says "local all all trust" in
pg_hba.conf; no normal users have accounts on that machine.
Making application users into database roles is a bad decision, IMO.
It forces you to use PostgreSQL's auth mechanism which, while
admittedly "mature and well-tested", might not be the most convenient
way to manage users in the application. I hope that you rethink this.
It's a dealbreaker for me and means we can't use LSMB 1.3.
Regards,
David.