Antonis Christofides wrote: > But I think that checking user privileges at the database level is > better. I think it's simpler and more secure, and if later you also > want to create nonweb apps, you won't have any more > authentication/privilege headaches. For this reason, in a web app > I've made, the app connects to the database as user postgres, and > after authenticating (receives user's password, checks with pg_shadow, > and uses session cookie) uses "set session authorization" in order to > lower its privileges.
What stops the user code from issuing a "RESET SESSION AUTHORIZATION" command, say from a SQL injection, thus regaining superuser privileges? -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc. ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster