[Catalyst] how to authenticate using database users

Jonathan Rockway jon at jrock.us
Fri Mar 20 07:42:18 GMT 2009


* On Thu, Mar 19 2009, Adam Witney wrote:
> Hi Bill,
>
> This is using PostgreSQL. The other apps are fat clients that can pull
> data from external sources, it was therefore necessary to have the
> security levels built into the database.

Actually, there is really no reason to rely on the database for this.
You can always put some sort of app in front of the database that does
this.  In the case of a fat client and a Catalyst app, the design would
be something like this.  You write a library that handles users, access
levels, and so on.  Then, you write a thin RPC server that sits between
the database and fat client that uses this library to control access to
the database.  You speak SQL between the RPC server and the database,
and something else between the fat client and the RPC server.  (This is
preferable to talking directly to the database for a number of reasons
-- you can change the structure of the database, add transparent
caching, and so on without the fat client ever knowing.)  For the Cat
app, you do the same thing -- when talking to the database, use the
library that the RPC server uses, or just use the RPC server.  (Both
approaches have advantages.)

There is a little bit more code to write, but you increase the
flexibility of the system.  All your rules are now written in
easily-testable Perl instead of some variant of SQL.  You can change
the backend, and the frontend won't care.  You can add caching, you can
add your own master/slave replication, whatever -- everything is
abstracted.  Loose coupling is good!  Tight coupling is bad!

Anyway, there is no reason to throw away good software engineering
principles simply because someone mentioned the word "database".  Using
the database for anything other than storing and querying data is a
waste of effort.  It's like writing all your software in CPU microcode,
simply because it's the lowest level possible.  You *can* do this, but
why not use something higher-level?  Everything is easier that way.

Regards,
Jonathan Rockway

--
print just => another => perl => hacker => if $,=$"
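
The design Jonathan sketches above, as an added example (not code from this thread, from Catalyst, or from the poster): a small Perl library that owns users and access levels and is the only thing that talks SQL to the database, plus the thin RPC dispatcher that a fat client would speak to. The package names `MyApp::Access` and `MyApp::RPC`, the `app_users` and `samples` tables, the request hash shape and the sample users are all illustrative. It assumes DBI with DBD::SQLite (an in-memory database stands in for PostgreSQL) and the core Digest::SHA module.

```perl
# Added example, not from the thread or from Catalyst. Assumes DBI,
# DBD::SQLite and Digest::SHA; package, table and user names are made up.
use strict;
use warnings;

package MyApp::Access {
    use Digest::SHA ();
    # Only these tables are reachable through the library, and each
    # operation requires a minimum access level.
    my %ALLOWED_TABLE = map { $_ => 1 } qw(samples);
    my %RANK  = (reader => 1, writer => 2, admin => 3);
    my %NEEDS = (select => 'reader', update => 'writer');

    sub new { my ($class, $dbh) = @_; return bless { dbh => $dbh }, $class }

    # Checks a password against app_users (salted SHA-256 here; use a slow
    # hash such as bcrypt in production). Returns the access level or undef.
    sub authenticate {
        my ($self, $name, $password) = @_;
        my $row = $self->{dbh}->selectrow_hashref(
            'SELECT salt, pw_hash, level FROM app_users WHERE name = ?',
            undef, $name) or return undef;
        my $hash = Digest::SHA::sha256_hex($row->{salt} . $password);
        return $hash eq $row->{pw_hash} ? $row->{level} : undef;
    }

    sub _check {
        my ($level, $op, $table) = @_;
        die "unknown table\n" unless $ALLOWED_TABLE{ $table // '' };
        die "unknown op\n"    unless exists $NEEDS{$op};
        die "denied\n" unless ($RANK{$level} // 0) >= $RANK{ $NEEDS{$op} };
    }

    # $table is interpolated into SQL only after _check has matched it
    # against the allow-list; every value still goes through a placeholder.
    sub select_rows {
        my ($self, $level, $table, $min_id) = @_;
        _check($level, 'select', $table);
        return $self->{dbh}->selectall_arrayref(
            "SELECT id, value FROM $table WHERE id >= ? ORDER BY id",
            { Slice => {} }, $min_id);
    }

    sub update_value {
        my ($self, $level, $table, $id, $value) = @_;
        _check($level, 'update', $table);
        return $self->{dbh}->do("UPDATE $table SET value = ? WHERE id = ?",
            undef, $value, $id);
    }
}

package MyApp::RPC {
    # One request is a hash: { user, password, op, table, args }. The fat
    # client never holds a database handle; everything goes through
    # MyApp::Access, which the Catalyst app would also call directly.
    sub handle {
        my ($access, $req) = @_;
        my $level = $access->authenticate($req->{user}, $req->{password})
            or return { ok => 0, error => 'auth failed' };
        my %handler = (
            select => sub { $access->select_rows($level, $req->{table}, @{ $req->{args} }) },
            update => sub { $access->update_value($level, $req->{table}, @{ $req->{args} }) },
        );
        my $h = $handler{ $req->{op} // '' }
            or return { ok => 0, error => 'unknown op' };
        my $result = eval { $h->() };
        return $@ ? { ok => 0, error => $@ =~ s/\n\z//r }
                  : { ok => 1, result => $result };
    }
}

package main;
use DBI;
use Digest::SHA qw(sha256_hex);

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE app_users (name TEXT PRIMARY KEY, salt TEXT, pw_hash TEXT, level TEXT)');
$dbh->do('CREATE TABLE samples (id INTEGER PRIMARY KEY, value TEXT)');
# Constructed sample data: one reader, one writer, a few rows.
for my $u (['alice', 'reader', 's3cret'], ['bob', 'writer', 'hunter2']) {
    my ($name, $level, $pw) = @$u;
    my $salt = "salt-$name";
    $dbh->do('INSERT INTO app_users VALUES (?, ?, ?, ?)', undef,
        $name, $salt, sha256_hex($salt . $pw), $level);
}
$dbh->do('INSERT INTO samples VALUES (?, ?)', undef, $_, "sample $_") for 1 .. 3;

my $access = MyApp::Access->new($dbh);
my @requests = (
    { user => 'alice', password => 's3cret',  op => 'select', table => 'samples',   args => [2] },
    { user => 'alice', password => 's3cret',  op => 'update', table => 'samples',   args => [1, 'x'] },
    { user => 'bob',   password => 'hunter2', op => 'update', table => 'samples',   args => [1, 'x'] },
    { user => 'bob',   password => 'hunter2', op => 'select', table => 'app_users', args => [0] },
    { user => 'eve',   password => 'guess',   op => 'select', table => 'samples',   args => [0] },
);
for my $req (@requests) {
    my $res = MyApp::RPC::handle($access, $req);
    printf "%-5s %-6s %-9s => %s\n", $req->{user}, $req->{op}, $req->{table},
        $res->{ok} ? 'ok' : "refused ($res->{error})";
}
```

The five constructed requests exercise a permitted read, a write attempted by a reader, a write by a writer, a valid user naming a table outside the allow-list (the password table itself), and a bad login. All of the rules live in `_check` and `authenticate`, which is what makes them unit-testable in Perl: the RPC layer and a Catalyst controller both hand the same library a level and an operation, and neither ever builds SQL or sees a password hash.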
