Furface <furface@omnicode.com> wrote:
>
> Thanks Tom. You know I thought about this approach a little more. I
> don't think there's a simple answer to this security problem short of
> placing a proxy server application between the clients and the
> database. The problem with giving database role accounts to each and
> every user is that the users now have uncontrolled access to the
> database.
Ummm ... huh?
PostgreSQL has a pretty nice security model that gives you a great deal
of control over what users have access to:
http://www.postgresql.org/docs/8.2/static/user-manag.html
The only thing that's missing is row-level granularity. There's at least
one project out there supporting that, and you can also simulate it with
clever usage of stored procedures and the ability to run them with the
permissions of the definer instead of the executer.
-Bill
