> On Wednesday 02 June 2004 02:04, BARTKO Zoltan wrote:
>> I would appreciate anyone wiser than me to comment on the following:
>>
>> I am making an app for PostgreSQL (the server). The clients are
>> connecting through the same single user. ...
>>
>> If I want to access a function (like do this or that with data), I
>> use a stored function and pass the id# of the user plus all the
>> necessary things. First, I check if the person is authorized to carry
>> out the operation. if so, the operation is performed.
>>
>> There are users, who are administrators. Thus, they are allowed to do
>> anything.
>>
> You can probably use set session authorization. Here are some brief
> steps.
>
> 1. Convert all your users as postgresql database users
If he's going to do this, why bother with hard-coding a single user id
and password in the application -- why not have the user log in as their
defined Postgresql user, and let the data base handle all the security
and permission issues?
--Berend Tober
