> The more I think about it, the more I think a proxy app is necessary.
> It seems like a lot of work just for security issues, but basically most
> web-based database apps use this model, with the web application acting
> as a proxy between the database and the client.

This is how I've seen it done on almost every application I've worked
on. If you have multiple apps hitting a single DB, usually each
application has its own role. But user-level security is controlled at
the application level. Although I don't think there's anything *wrong*
with having a role-per-user (it could provide an "extra" layer of
security), I think it's much more flexible to define security in the
application/business logic layer.

That being said, we shouldn't get too wound up over this "limitation" of
PostgreSQL until someone finds that there really is some real-world
performance issue. AFAIK, everything in this thread is theoretical.

Cheers,
Jeremy Haile