Hello everyone! I am working on a multi-tenant (sigh) DB design using schemas. I anticipate a bunch of junior developers coming in before we fully mature our testing process, so SQLi is a concern. Basically, I want to have a role for each tenant, and have a user/role that will est. a DB session from a connection pool then perform a
set role
followed by a set schema
to the schema that the tenant role has grants to. So, my main requirement is this: after these two (or more) commands are invoked, the current role should not be able to do a set role to any other role (tenant) other than itself. This is to prevent an attacker-controlled SQL query that has set role
as part of its payload.Is this something that can be accomplished with PostgreSQL? Any suggestions thoughts are welcome, however tangential