Furface <furface@xxxxxxxxxxxx> wrote: > > Thanks Tom. You know I thought about this approach a little more. I > don't think there's a simple answer to this security problem short of > placing a proxy server application between the clients and the > database. The problem with giving database role accounts to each and > every user is that the users now have uncontrolled access to the > database. Ummm ... huh? PostgreSQL has a pretty nice security model that gives you a great deal of control over what users have access to: http://www.postgresql.org/docs/8.2/static/user-manag.html The only thing that's missing is row-level granularity. There's at least one project out there supporting that, and you can also simulate it with clever usage of stored procedures and the ability to run them with the permissions of the definer instead of the executer. -Bill
