On Fri, Oct 22, 2010 at 08:20:11PM +0400, Dmitriy Igrishin wrote: > Hey Peter, Hello Dmitriy, > > As far as I can see, this would imply either creating views on the > > <whatever> for every user (or company?), or manually crafting queries > > to do the same. The latter is of course what most webapps do, and it is > > a frequent cause of errors and, hence, vulnerabilities. > > > Yes, liberal use of views and rules are the best solutions in this case IMO. Do you know of an open source application that does that so I can see it in practice? I'd like to learn how it's done in practice because right now it seems to me that this would be rather complicated to manage. Cheers, Peter -- http://sjamaan.ath.cx -- "The process of preparing programs for a digital computer is especially attractive, not only because it can be economically and scientifically rewarding, but also because it can be an aesthetic experience much like composing poetry or music." -- Donald Knuth -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general