On May 9, 2007, at 2:09 PM, Daniel Cristian Cruz wrote:
It's a web application user. I was trying to make some database magic, hardening SQL injections... But its wrong, the application must be secure. Unfortunelly I can't have a database user for each web user...
I don't see the issue if users don't connect directly to the database, only through your web application. You then have complete control over any query executed. You should not have to worry about SQL injection if you use prepared queries and stored procedures.
John DeSoi, Ph.D. http://pgedit.com/ Power Tools for PostgreSQL
