[Catalyst] how to authenticate using database users

Adam Witney awitney at sgul.ac.uk
Mon Mar 23 11:21:14 GMT 2009


On 20 Mar 2009, at 07:42, Jonathan Rockway wrote:

> * On Thu, Mar 19 2009, Adam Witney wrote:
>> Hi Bill,
>>
>> This is using PostgreSQL. The other apps are fat clients that can pull
>> data from external sources, it was therefore necessary to have the
>> security levels built into the database.
>
> Actually, there is really no reason to rely on the database for this.
> You can always put some sort of app in front of the database that does
> this.  In the case of a fat client and a Catalyst app, the design would
> be something like this.  You write a library that handles users, access
> levels, and so on.  Then, you write a thin RPC server that sits between
> the database and fat client that uses this library to control access to
> the database.  You speak SQL between the RPC server and the database,
> and something else between the fat client and the RPC server.  (This is
> preferable to talking directly to the database for a number of reasons
> -- you can change the structure of the database, add transparent
> caching, and so on without the fat client ever knowing.)  For the Cat
> app, you do the same thing -- when talking to the database, use the
> library that the RPC server uses, or just use the RPC server.  (Both
> approaches have advantages.)
>
> There is a little bit more code to write, but you increase the
> flexibility of the system.  All your rules are now written in
> easily-testable Perl instead of some variant of SQL.  You can change
> the backend, and the frontend won't care.  You can add caching, you can
> add your own master/slave replication, whatever -- everything is
> abstracted.  Loose coupling is good!  Tight coupling is bad!
>
> Anyway, there is no reason to throw away good software engineering
> principles simply because someone mentioned the word "database".  Using
> the database for anything other than storing and querying data is a
> waste of effort.  It's like writing all your software in CPU microcode,
> simply because it's the lowest level possible.  You *can* do this, but
> why not use something higher-level?  Everything is easier that way.

Thanks for the suggestion. It is probably not feasible to do that with
our database at this stage. But I will bear it in mind for future
projects.

For general information, with a *lot* of help from mst on IRC, I have
something working using a custom Catalyst::Authentication::Store::*. I
will get it packaged up and submit it when I have written some docs
for it.

Thanks again

adam
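
The design described in the quoted reply above (one library that owns users and access levels, called by both the RPC server and the Catalyst app), as an added example that is not part of the original thread or code posted by anyone in it. The package My::AccessLib, the table names and the sample rows are hypothetical, and an in-memory SQLite database (via DBD::SQLite) stands in for the PostgreSQL backend.

```perl
use strict;
use warnings;

# Hypothetical shared access library: the only code that speaks SQL.
package My::AccessLib;
use DBI;
use Carp qw(croak);

sub new {
    my ($class, %args) = @_;
    return bless { dbh => $args{dbh} }, $class;
}

# Look up the caller's access level; unknown users are refused outright.
sub level_for {
    my ($self, $username) = @_;
    my ($level) = $self->{dbh}->selectrow_array(
        'SELECT level FROM app_users WHERE name = ?', undef, $username);
    croak "access denied: unknown user" unless defined $level;
    return $level;
}

# Return only the rows whose min_level the caller meets (bound parameters only).
sub samples_for {
    my ($self, $username) = @_;
    my $level = $self->level_for($username);
    return $self->{dbh}->selectall_arrayref(
        'SELECT id, label FROM samples WHERE min_level <= ? ORDER BY id',
        { Slice => {} }, $level);
}

package main;

# Constructed sample data in an in-memory SQLite database (stand-in backend).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE app_users (name TEXT PRIMARY KEY, level INTEGER NOT NULL)');
$dbh->do('CREATE TABLE samples (id INTEGER PRIMARY KEY, label TEXT, min_level INTEGER NOT NULL)');
$dbh->do('INSERT INTO app_users VALUES (?, ?)', undef, @$_) for ['alice', 2], ['bob', 1];
$dbh->do('INSERT INTO samples VALUES (?, ?, ?)', undef, @$_)
    for [1, 'public assay', 1], [2, 'restricted assay', 2];
my $lib = My::AccessLib->new(dbh => $dbh);

# Both front ends (RPC server, Catalyst model) would make this same call.
for my $user (qw(alice bob carol)) {
    my $rows = eval { $lib->samples_for($user) };
    if (!$rows) { print "$user: $@"; next; }
    print "$user: ", join(', ', map { $_->{label} } @$rows), "\n";
}
```

Because the access rule lives in one Perl method, it can be unit-tested without either front end, and the unknown-user case fails closed before any data query runs.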