by redis_mlc 2071 days ago
If you're a developer, a database is just a database.

If you're a corporate DBA, they are each worlds apart.

MySQL is a perfect match for most SaaS applications that deal with compliance. Postgres is simply not.

The main issues with managing Postgres today are grant inheritance, and also the lack of COPY FROM/TO grants. I shouldn't have to update grants for non-admin or readonly users after adding new objects, and there needs to be the equivalent of MySQL's FILE grant for Postgres' COPY FROM/TO.

OTOH, it is easy to reason about MySQL grants, and almost pain-free to update them in production.

If anybody can send me a link on how to make Postgres work in a corporate and/or compliance environment, let me know.

Source: DBA.

4 comments

> MySQL is a perfect match for most SaaS applications that deal with compliance. Postgres is simply not.

I find this statement amazingly weird. In my experience, MySQL's access grants are extremely impoverished compared to Postgres (even in 8). It doesn't have row level security either.

> The main issues with managing Postgres today are grant inheritance

roles + `INHERIT` (which has been available since at least 8.1, 15 years ago)

> I shouldn't have to update grants for non-admin or readonly users after adding new objects

You don't. There are default grants that apply on object creation within a schema: `ALTER DEFAULT PRIVILEGES`.
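
Added example, not part of any comment in this thread: a PostgreSQL script showing the two features named in the reply above, a group role picked up through `INHERIT` and `ALTER DEFAULT PRIVILEGES` for objects created later. The role, schema and table names are constructed for illustration, and the script assumes a superuser session on a scratch database.

```sql
-- Constructed names: app_owner, app_readonly, report_user, schema "app".
CREATE ROLE app_owner    NOLOGIN;         -- owns and creates the objects
CREATE ROLE app_readonly NOLOGIN;         -- group role that carries the grants
CREATE ROLE report_user  LOGIN INHERIT;   -- login role; INHERIT is the default

-- report_user gets app_readonly's privileges through membership.
GRANT app_readonly TO report_user;

CREATE SCHEMA app AUTHORIZATION app_owner;
GRANT USAGE ON SCHEMA app TO app_readonly;

-- Covers tables that already exist in the schema.
GRANT SELECT ON ALL TABLES IN SCHEMA app TO app_readonly;

-- Covers tables created in the future, but only those created by app_owner.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA app
    GRANT SELECT ON TABLES TO app_readonly;

-- Create a new table as the owner; no further GRANT is issued.
SET ROLE app_owner;
CREATE TABLE app.invoices (id bigint PRIMARY KEY, amount numeric);
RESET ROLE;

-- Check the effective privileges of the login role on the new table.
SELECT has_table_privilege('report_user', 'app.invoices', 'SELECT') AS can_read,
       has_table_privilege('report_user', 'app.invoices', 'INSERT') AS can_write;

-- Audit which default privileges are in place.
SELECT defaclrole::regrole           AS creating_role,
       defaclnamespace::regnamespace AS schema_name,
       defaclobjtype                 AS object_type,
       defaclacl                     AS default_acl
FROM pg_default_acl;
```

Default privileges are keyed to the creating role: a table created in `app` by any role other than `app_owner` is not covered by the `ALTER DEFAULT PRIVILEGES` statement above, which is a common reason read-only users appear to "lose" access after a migration run under a different account.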

The reality is that I commonly see MySQL production applications use non-admin accounts, and have never seen that for Postgres. So there is a problem.

Can you see if there is a grant similar to MySQL's FILE for COPY FROM/TO in Postgres? The last time I checked in early 2019, there wasn't.

sigh

Must you really draw conclusions about the suitability of PostgreSQL or MySQL for all users based on your limited perspective/niche needs?

> If you're a developer, a database is just a database.

[screams internally]

Yeah I mean as a developer I’ve never had the luxury to ignore storage concerns.

At bigger companies they might abstract it out but you're gonna get a slow query one day and be tuning SQL or something.

> I’ve never had the luxury to ignore storage concerns

You're way out of date.

There are no storage concerns with the default since 2010 in MySQL, InnoDB:

https://en.wikipedia.org/wiki/InnoDB

> MySQL is a perfect match for most SaaS applications that deal with compliance. Postgres is simply not.

Please elaborate on this “simply not”.. you are making a categorical statement.. does there exist a DISA-certified STIG for MySQL, for DoD and military applications?

There is no certified MySQL STIG yet. There is one for Postgres though.

STIGs are hardening guidelines used by the US Department of Defense.

I don't know what DISA or STIG are, but yes there are such projects. https://www.mysql.com/customers/industry/?id=65 has a few relevant references.

There isn't a STIG for MySQL... yet. Supposedly there is one being worked on, however.

There's been a Postgres STIG for, I dunno, "a while" now.

--

DISA: https://en.wikipedia.org/wiki/Defense_Information_Systems_Ag...

STIG: https://en.wikipedia.org/wiki/Security_Technical_Implementat...

I used to think this. I was surprised when DHH said hey.com uses MySQL as back end. https://twitter.com/dhh/status/1275901955995385856