English
Français

Why PostgreSQL is a better enterprise database than MySQL

Vincent Danen demonstrates some of the features that make PostgreSQL a standout database, despite being a bit more challenging to set up and use.

By Vincent Danen, Special to ZDNet Asia  (Monday, February 22, 2010 11:25 AM)

When it comes to open source databases, MySQL gets the lion's share of attention. MySQL is an easy-to-use database, and a lot of open source Web applications are geared towards it.

The other primary open source database is PostgreSQL which, while widely known, doesn't have the same mindshare that MySQL has obtained. This is unfortunate, because out of the two, PostgreSQL offers much more security, reliability and data integrity than MySQL does.

This does, however, come at a cost. PostgreSQL is a little more challenging to set up and use; it leverages privileges and security of the underlying operating system as well as roles and privileges provided within the database. This can make PostgreSQL more difficult to use if you are unaware of these issues.

Once you are aware of them, using PostgreSQL is just as easy as using MySQL.

Similar to MySQL, PostgreSQL operates on the principle that certain users have certain types of access to data. In PostgreSQL, these are called "roles" and can be created or managed using CREATE ROLE, ALTER ROLE, and DROP ROLE.

Unlike MySQL, these can also be mapped and tied to system users, which means it can leverage different forms of system authentication: ident server authentication, LDAP server authentication, PAM, and Kerberos.

For local connections, you can also use filesystem permissions by changing who can access the UNIX domain socket, and where it is located.

The meat of the access controls in PostgreSQL is in the pg_hba.conf. For ident authentication, the pg_ident.conf is used as well; this is used to map database users to local users. Assume that user "joe" is allowed to access the database as PostgreSQL users "joe" and "ecommerce". The pg_hba.conf file would contain: 

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
local   all         all                               ident map=esite
host    all         all         127.0.0.1/32          ident map=esite

And pg_ident.conf would contain: 

# MAPNAME     SYSTEM-USERNAME    PG-USERNAME
esite         joe                joe
esite         joe                ecommerce
esite         postgres           joe

This allows the system user "joe" to access the database as either "joe" or "ecommerce". It also allows the system "postgres" user to connect to the database as "joe". It also enforces the map type for the ident method with the name "esite", as defined in pg_ident.conf. What this means is that on the local type (UNIX domain socket) and on the local TCP/IP address (127.0.0.1), only joe and postgres can connect to the database. No other user has privileges to do so.

The ident method is a nice way to control which local users can connect to which database. This method only works for localhost (TCP/IP or UNIX domain socket) connections; it does not work for remote connections.

While this may seem a little confusing to those coming from MySQL, there is real desire for databases to have this kind of granular authentication mechanism. MySQL only supports authentication based on login credentials; these credentials are stored and managed in the database itself.

PostgreSQL on the other hand, can also allow this type of authentication, using the password mechanism. Beyond that, it can allow password-less authentication (trust), the ident mechanism as discussed, PAM (which allows for a lot of interesting authentication scenarios), and finally both LDAP and Kerberos.

Kerberos support is something that has been desired for MySQL for years (in fact, bug #6733, opened November 2004, in the MySQL bug database is a feature request for Kerberos support). Kerberos support and LDAP directories for password storage are very much at the heart of many companies' preferences, which makes PostgreSQL a compelling database to use.

There are many more features that make PostgreSQL well-suited to the enterprise. Security is huge, but PostgreSQL's support and focus on data integrity, granular access controls, ACID compliance, and other core focuses, really explain why PostgreSQL is so highly favoured amongst many database administrators.

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years.

To top
13/07/2012 The stealth success of PostgreSQL - 24/04/2012 Is the Xerox Mobile Scanner Good? - Silex Expands Product Line With High-Performance Gigabit and 802.11n Wireless USB Device Server ConnectivitySolutions - 24/03/2011 Outback Imaging launches EzeScan 4.2.135 with Alfresco Integration - 20/12/2010 Ingres Set to Close 2010 with Strong Financial Results and Unique Market Position - 03/12/2010 Ingres Expands Global Presence and Launches Into Japan - 02/12/2010 Three Xerox DocuMate Scanners Receive Editor’s Choice Awards from Better Buys for Business - 30/11/2010 Visioneer Strobe 500 Receives Product of the Year Award  - 30/11/2010 Nuance eCopy ShareScan Suite 5 Available. - 23/11/2010 Ingres Expands Executive Management Team With New Hire in Sales - 12/11/2010 Propalms TSE 6.5  - 09/11/2010 Garnett and Helfrich Capital Acquires 20 Percent Stake in Ingres Corporation - 26/10/2010 New Xerox DocuMate 3920 Network Scanner Simplifies Secure Document Capture and Critical Information Sharing - 20/10/2010 Pentaho and Ingres Team for Agile Business Intelligence and High Performance Data Warehouse - 12/10/2010 Visioneer NetScan 4000 Awarded Editor’s Choice from Better Buys for Business iGuide  - 12/10/2010 Ingres Database 10 Pulls Out All Stops With Further Migration and Performance Enhancements - 14/10/2010 The end of the hourglass - 11/10/2010 Business analytics at the speed of thought - 07/09/2010 Ingres and Univention Sign Strategic Cooperation Agreement - 01/09/2010 Silex S1 End of Life Notification - 17/08/2010 New Xerox DocuMate 3460 Delivers Fast and Easy Scanning of Documents and Plastic ID Cards - 06/08/2010 Webcast: Blazing Fast Business Intelligence with Ingres VectorWise and Pentaho - 03/08/2010 Ingres and Global Open Source Leaders Converge in Australia - 29/07/2010 Datamatics Opts for Ingres Worldwide - 27/07/2010 Xerox DocuMate 3115 Receives “Outstanding Achievement” Award from Buyers Laboratory - 26/07/2010 EnterpriseDB Announces Immediate Availability of Newest Version of Postgres Plus Advanced Server - 20/07/2010 Propalms, Inc. Receives Additional Order for TSE 6.0 Licenses from Ohio Based Health Care Company - 07/07/2010 Propalms, Inc. Receives Purchase Order for TSE 6.0 from Saudi Arabian Ministry of Education - 07/07/2010 Silex SX-200-0213 End of Life Notification - 29/06/2010 Visioneer Strobe 500 Receives “Outstanding Achievement” Award from BLI  - 22/06/2010 Visioneer Launches New OneTouch Application for Visioneer and Xerox Scanners - 17/06/2010 Ingres Supports the Dutch Police in Effort to Prevent Football Related Violence Accros Europe - 25/06/2010 Ingres: Vector Databases Are Real Faster databases and big progress on open source - 08/06/2010 INGRES VECTORWISE live speed demo - 08/06/2010 Ingres Shows Faster Queries With VectorWise - 08/06/2010 Ingres VectorWise Delivers Business Analytics at the Speed of Tought - 04/06/2010 PostgreSQL 9.0 Beta 2 Now Available - 01/06/2010 Continuent Tungsten Offers Scale-out Solution for PostgreSQL 9 - 21/05/2010 Silex SX-550 End of Life Notification - 20/05/2010 Postgres Announces DA-SOFT AnyDAC Release 3.0.1 - 19/05/2010 Servoy moves to PostgreSQL, goes Open Source - 18/05/2010 Propalms Receives Purchase Order for its New Upgraded TSE 6.0 from Leading Indian Overnight Courier Company - 18/05/2010 Cybercluster 2.0 - Synchronous replication for PostgreSQL - 18/05/2010 Ingres and SEP AG Provide backup for the city of Schwäbisch Hall using Novell Solution - 17/05/2010 Postgres announces DbWrench Database Design & Synchronization v1.6.4 - 12/05/2010 Primekey Integrates Ingres Database into Global Security Solutions - 10/05/2010 Postgres announces release of Navicat version 9 - 07/05/2010 EMS Data Comparer for PostgreSQL version 3.0 released - 07/05/2010 Database .NET 3.2 has released! - 12/05/2010 PrimeKey Integrates Ingres Database Into Global Security Solutions - 05/05/2010 Ingres Announces Strategic Partnership with Bendigo Partners  - 04/05/2010 Scan, Share and Recycle with the New Visioneer® Strobe™ 400 - 03/05/2010 Ingres CEO Roger Burkhardt to Give Keynote as Ingres Supports Red Hat as Premium Sponsor  - 01/05/2010 Ingres Vectorwise smokes it! - 29/04/2010 PostgreSQL 9.0 Beta 1 Now Available  - 29/04/2010 PostgreSQL 9.0b1 announcement, with built-in replication support - 27/04/2010 Peerless Foods reports savings of $300,000 to $400,000 a year in licensing fees by using Ingres OpenROAD to build its ERP system - 27/04/2010 Ingres Customer to Showcase Revolutionary Blackberry Mobility Application Built on Ingres Database  - 20/04/2010 Ingres Community Come Together For 2010 Ingres OpenROAD Code Sprint  - 15/04/2010 Xerox Announces DocuMate 3115® - Two Powerful Scanners In One Small Device - 15/04/2010 Ingres and Engineering Release New Analytical Appliance For The Business Intelligence Market  - 14/04/2010 Oracle Tries to Reassure the Open Source Community, But They Aren't Buying - 29/03/2010 100 Mbit/s pour chaque Luxembourgeois - 24/03/2010 Novell and Ingres to jointly offer database solutions to ISVs and SIs - 16/03/2010 Visioneer Strobe 500 Receives PC Magazine Editors' Choice Award - 26/02/2010 Ingres to move open source database to beta - 25/02/2010 DAI Rubicon Puts Supply Chain Delivery Solution in the Cloud - 23/02/2010 Ingres Makes Rain for Partners by Powering Application Development in the Cloud - 22/02/2010 Xythos launches version 7.2 - 22/02/2010 Why PostgreSQL is a better enterprise database than MySQL - 08/02/2010 INGRES CEO EXPLORES THE CLOUD ON INFORMATIONWEEK PANEL - 02/02/2010 Ingres' VectorWise rises to answer Microsoft - 27/01/2010 Why Open Source is Needed to Combat Climate Change - 27/01/2010 Is Oracle protecting core business from MySQL? - 26/01/2010 INGRES announces technology preview program for Ingres VectorWise - 24/01/2010 Sept prévisions pour l'open source en 2010, par Roger Burkhardt - 22/01/2010 Postgres Community Responds to EU Decision to Approve Oracle's Acquisition of MySQL - 21/01/2010 Les "secrets" des mots de passe... - 12/01/2010 Government of Jordan selects Ingres to drive OpenSource adoption across the country - 29/10/2009 Red Hat débarque sur le marché des SGBDR - 15/10/2009 Open source database to wean companies off Oracle - 01/08/2009 VectorWise from Ingres promises a database big step for analytics - 29/07/2009 Ingres claims massive database performance boost - 05/07/2009 Open Source Flies In A Recession - 02/07/2009 OpenSource security opinion by Kapersky expert - 13/05/2009 INGRES partners with RedHat, offers end-to-end OpenSource solutions - 27/04/2009 Ingres announces Icebreaker BI integrated with SalesForce - 20/04/2009 ORACLE buys SUN, pushing MySQL users to INGRES OpenSource offers - 17/03/2009 La gendarmerie, cas d'école d'une migration à grande échelle vers les logiciels libres - 14/01/2009 Roger Burkhardt's predictions for 2009 and after - 25/11/2008 Journée du Logiciel Libre du Luxembourg -